DARPA AI Cyber Challenge · 2nd place · Open source
Buttercup
An open-source AI Cyber Reasoning System that finds and patches vulnerabilities on its own.
Buttercup is a fully automated, AI-driven system for discovering and patching vulnerabilities in open-source software. Trail of Bits built it for DARPA's AI Cyber Challenge, and now that the competition has concluded, it is open source for the whole security community to use, extend, and build on.
AIxCC results
Presentations
Trail of Bits won second place in DARPA's AI Cyber Challenge at DEF CON 33. These presentations cover Buttercup's journey and what it was like to compete.
How Buttercup works
Buttercup discovers and patches real vulnerabilities using static analysis and AI-guided fuzzing, then proves each bug and verifies each fix before reporting it. A multi-agent architecture runs the whole pipeline without a human in the loop.
- Adaptive vulnerability discovery: Pairs static analysis with AI-guided fuzzing, adapting its search to each target to surface real, reachable bugs.
- Extensive validation of bugs: Every candidate is reproduced and proven before it is reported, which kept Buttercup's results at 90% accuracy.
- AI-driven patching: Generates fixes with LLMs and verifies each one closes the bug without breaking the build.
- Fully autonomous system: Runs end to end with no human in the loop, from discovery through a validated patch.
- Scalable architecture: A multi-agent design that runs anywhere, from a single laptop to enterprise Kubernetes clusters.
- Language versatility: Finds and fixes vulnerabilities across many languages and 20 CWE categories.
AIxCC timeline
- Dec 2023: Trail of Bits applies to AIxCC
- Jan 2024: Responds to the rules RFC
- Mar 2024: $1 million DARPA award
- Aug 2024: Buttercup heads to competition
- Aug 2024: Finals qualification
- Apr 2025: Finals competition begins
- Jul 2025: Scored round underway
- Aug 2025: Wins second place
The Buttercup team
The engineers and researchers behind Buttercup.
- Michael Brown
- Ian Smith
- Evan Downing
- Eric Kilmer
- Riccardo Schirone
- Francesco Bertolaccini
- Ronald Eytchison
- Henrik Brodin
- Brad Swain
- Boyan Milanov
- Alessandro Gario
Competition resources
- AIxCC blog series: Our complete journey and insights from DARPA's AI Cyber Challenge.
- Official AIxCC program: DARPA's program information for the AI Cyber Challenge.
- AIxCC finalist teams: All seven teams that competed in the AIxCC finals.
- AI Cyber Challenge: The official AI Cyber Challenge competition website.
- Team repositories: Open-source code from all AIxCC finalist teams.
- Contact us: Get in touch with our team about Buttercup and AIxCC.
Talks & events
- Webinar
Hardening the Code: A Q&A on AI-Powered Security
Aired Sep 11, 2025 · Recording available
Edera's Dan Fernández with Trail of Bits' Michael Brown. A recorded Q&A on AI-driven vulnerability management, agent design, and deploying secure AI systems at scale.
- Workshop
Frontier AI in Cybersecurity: Risks and Opportunities
Nov 6 & 12, 2025 · Online · Berkeley RDI and Schmidt Sciences
Dan Guido and Riccardo Schirone. Our talk, "AIxCC Floating All Boats," on making Buttercup usable for everyone, alongside other AIxCC winning teams and frontier AI labs.
- Conference talk
Buttercup and DARPA's AI Cyber Challenge
Nov 7, 2025 · RingZer0 COUNTERMEASURE, Ottawa
Henrik Brodin and Ronald Eytchison. How Buttercup discovers and patches real vulnerabilities with static analysis and AI-guided fuzzing, and what we learned about when AI helps versus hurts.
From @trailofbits
- Buttercup won the $3M second prize at DARPA's AIxCC. We found 28 vulnerabilities across 20 CWEs with 90% accuracy at just $181/point, achieving this with exclusively non-reasoning LLMs.
@trailofbits · Aug 9, 2025
- Buttercup is now open source! Here's our updated and refactored repo, suitable for use by individuals. The blog has key architectural background about how it works.
@dguido · Aug 8, 2025
- DARPA's AIxCC finals: 7 autonomous AI systems are competing right now to find and patch vulnerabilities in critical open-source programs like the Linux kernel, SQLite, and cURL.
@trailofbits · Jul 2, 2025
News & coverage
- DARPA · Aug 8, 2025: AI Cyber Challenge marks pivotal inflection point for cyber defense. Teams discovered 54 unique synthetic vulnerabilities, patched 43, and found 18 real vulnerabilities across 54 million lines of code.
- Bloomberg · Aug 13, 2025: DARPA's AI Cyber Contest Awards Security Teams for Fixing Flaws. How autonomous systems are changing vulnerability detection and patch deployment at speed and scale.
- CyberScoop · Aug 8, 2025: DARPA's AI Cyber Challenge reveals winning models for automated vulnerability discovery and patching. A look at how the winning systems automated vulnerability discovery and patching.
- Cybersecurity Dive · Aug 8, 2025: DARPA touts value of AI-powered vulnerability detection as it announces competition winners. Coverage of the winners and the competition's impact on autonomous vulnerability detection.
- Axios · Aug 13, 2024: Inside the U.S. competition to create AI security tools. How teams developed autonomous systems to find and patch software vulnerabilities at DEF CON.