ATLANTIS: AI-driven Threat Localization, Analysis, and Triage Intelligence System

No ratings

Presented at Power of Community 2025 by

Woosun Song

In DARPA’s Artificial Intelligence Cyber Challenge (AIxCC), Team Atlanta demonstrated exceptional skills in both bug-finding and patching real-world software written in C/C++ and Java. The results of this competition demonstrate that Large Language Models (LLMs) are indeed capable of and helpful for finding complex software vulnerabilities, as evidenced by the discovery of four 0-day vulnerabilities during the competition. In this talk, we will discuss the bug-finding aspect of ATLANTIS, our Cyber Reasoning System (CRS) that won the competition. We will first discuss the interesting design decisions behind our CRS architecture and how those choices contributed to language-agnosticism, LLM integration, and efficient resource utilization. Next, we will discuss how we designed our LLM agents for bug-finding. Finally, we will look at some of the real-world vulnerabilities we discovered during the competition and outline our current efforts to extend ATLANTIS beyond the competition scope.