We ([LeeSinLiang](https://github.com/LeeSinLiang), and [Cen Zhang](https://github.com/occia), and a lot of our team members) are Team Atlanta from Georgia Institute of Technology, winners of DARPA's AI Cyber Challenge (AIxCC). We're reaching out to propose a security assessment collaboration with your project. This effort is recommended by DARPA's initiative to apply competition technologies to real-world open source projects.
#### Background
We have built an AI-enhanced CRS (Cyber Reasoning System) for automatic vulnerability detection and repair.
- AIxCC Competition: https://aicyberchallenge.com/
- Our Team: https://team-atlanta.github.io/

#### What we plan to provide
- OSS-Fuzz Integration:
  - If your project isn't yet supported by [OSS-Fuzz](https://github.com/google/oss-fuzz), we'll develop compatible fuzzing harnesses to enable its integration. This can make our system applicable to your project.
- Security Assessment:
  - We'll run assessments locally on our infrastructure (no changes/efforts from your side) to identify potential vulnerabilities and synthesize corresponding patches.
- Detailed Reports:
  - For any findings, we'll provide reports including: 1) identified vulnerabilities and explanations, 2) the proof-of-concept (PoC) to trigger those vulnerabilities, and 3) corresponding patches.
- Responsible Disclosure:
  - We'll follow your preferred reporting channels (private email, OSS-Fuzz bug report system, or whatever channel you prefer) and coordinate disclosure timelines with your team. Note that **all findings will be further manually validated by our researchers before reporting to ensure quality and accuracy**.
#### What we need
A brief acknowledgment confirming your willingness to collaborate. This will serve as approval for our assessment plans.
Looking forward to your response, and please let me know of any further issues/concerns!
Best Regards,