OSS-CRS: Liberating AIxCC Cyber Reasoning Systems for Real-World Open-Source Security

Andrew Chin, Dongkwan Kim, Yu-Fu Fu, Fabian Fleischer, Youngjoon Kim, HyungSeok Han, Cen Zhang, Brian Junekyu Lee, Hanqing Zhao, Taesoo Kim

TL;DR

OSS-CRS is an open, locally deployable framework for running and combining CRS techniques against real-world open-source projects, with budget-aware resource management. Using it, the authors discovered 10 previously unknown bugs across 8 OSS-Fuzz projects.

Abstract

DARPA's AI Cyber Challenge (AIxCC) showed that cyber reasoning systems (CRSs) can go beyond vulnerability discovery to autonomously confirm and patch bugs: seven teams built such systems and open-sourced them after the competition. Yet all seven open-sourced CRSs remain largely unusable outside their original teams, each bound to the competition cloud infrastructure that no longer exists. We present OSS-CRS, an open, locally deployable framework for running and combining CRS techniques against real-world open-source projects, with budget-aware resource management. We ported the first-place system (Atlantis) and discovered 10 previously unknown bugs (three of high severity) across 8 OSS-Fuzz projects. OSS-CRS is publicly available.

Paper Structure (29 sections, 13 figures, 4 tables)

Figures (13)

  • Figure 1: Architecture overview of OSS-CRS. Users provide a target project and configuration (optionally with code diffs or bug candidates) and receive PoVs and patches as outputs through the three-phase interface (prepare, build-target, run). CRSs run in resource-managed containers with isolated networks and interact with the platform through libCRS. All LLM calls are routed through the LiteLLM proxy, which handles model routing and per-CRS budget enforcement. The exchange sidecar deduplicates artifacts in file-based storage and synchronizes them across all CRSs.
  • Figure 2: Docker workflow across the three operational phases, showing image construction (top), container execution (middle), and file artifact flow (bottom).
  • Figure 3: Builder sidecar workflow. The sidecar restores a snapshot of the compiled target, applies the patch diff, and performs an incremental rebuild.
  • Figure 4: Build script for crs-libfuzzer.
  • Figure 5: crs.yaml for crs-libfuzzer.
  • ...and 8 more figures