Paper
OSS-CRS: Liberating AIxCC Cyber Reasoning Systems for Real-World Open-Source Security
Authors
Andrew Chin, Dongkwan Kim, Yu-Fu Fu, Fabian Fleischer, Youngjoon Kim, HyungSeok Han, Cen Zhang, Brian Junekyu Lee, Hanqing Zhao, Taesoo Kim
Abstract
DARPA's AI Cyber Challenge (AIxCC) showed that cyber reasoning systems (CRSs) can go beyond vulnerability discovery to autonomously confirm and patch bugs: seven teams built such systems and open-sourced them after the competition. Yet all seven open-sourced CRSs remain largely unusable outside their original teams, each bound to the competition cloud infrastructure that no longer exists. We present OSS-CRS, an open, locally deployable framework for running and combining CRS techniques against real-world open-source projects, with budget-aware resource management. We ported the first-place system (Atlantis) and discovered 10 previously unknown bugs (three of high severity) across 8 OSS-Fuzz projects. OSS-CRS is publicly available.
Metadata
Related papers
Gen-Searcher: Reinforcing Agentic Search for Image Generation
Kaituo Feng, Manyuan Zhang, Shuang Chen, Yunlong Lin, Kaixuan Fan, Yilei Jian... • 2026-03-30
On-the-fly Repulsion in the Contextual Space for Rich Diversity in Diffusion Transformers
Omer Dahary, Benaya Koren, Daniel Garibi, Daniel Cohen-Or • 2026-03-30
Graphilosophy: Graph-Based Digital Humanities Computing with The Four Books
Minh-Thu Do, Quynh-Chau Le-Tran, Duc-Duy Nguyen-Mai, Thien-Trang Nguyen, Khan... • 2026-03-30
ParaSpeechCLAP: A Dual-Encoder Speech-Text Model for Rich Stylistic Language-Audio Pretraining
Anuj Diwan, Eunsol Choi, David Harwath • 2026-03-30
RAD-AI: Rethinking Architecture Documentation for AI-Augmented Ecosystems
Oliver Aleksander Larsen, Mahyar T. Moghaddam • 2026-03-30
Raw Data (Debug)
{
"raw_xml": "<entry>\n <id>http://arxiv.org/abs/2603.08566v1</id>\n <title>OSS-CRS: Liberating AIxCC Cyber Reasoning Systems for Real-World Open-Source Security</title>\n <updated>2026-03-09T16:26:33Z</updated>\n <link href='https://arxiv.org/abs/2603.08566v1' rel='alternate' type='text/html'/>\n <link href='https://arxiv.org/pdf/2603.08566v1' rel='related' title='pdf' type='application/pdf'/>\n <summary>DARPA's AI Cyber Challenge (AIxCC) showed that cyber reasoning systems (CRSs) can go beyond vulnerability discovery to autonomously confirm and patch bugs: seven teams built such systems and open-sourced them after the competition. Yet all seven open-sourced CRSs remain largely unusable outside their original teams, each bound to the competition cloud infrastructure that no longer exists. We present OSS-CRS, an open, locally deployable framework for running and combining CRS techniques against real-world open-source projects, with budget-aware resource management. We ported the first-place system (Atlantis) and discovered 10 previously unknown bugs (three of high severity) across 8 OSS-Fuzz projects. OSS-CRS is publicly available.</summary>\n <category scheme='http://arxiv.org/schemas/atom' term='cs.CR'/>\n <category scheme='http://arxiv.org/schemas/atom' term='cs.AI'/>\n <published>2026-03-09T16:26:33Z</published>\n <arxiv:comment>Version 1.0 (March 2026), OSS-CRS: an open-source framework for porting, deploying, and composing AIxCC cyber reasoning systems. Project page: https://github.com/sslab-gatech/oss-crs</arxiv:comment>\n <arxiv:primary_category term='cs.CR'/>\n <author>\n <name>Andrew Chin</name>\n </author>\n <author>\n <name>Dongkwan Kim</name>\n </author>\n <author>\n <name>Yu-Fu Fu</name>\n </author>\n <author>\n <name>Fabian Fleischer</name>\n </author>\n <author>\n <name>Youngjoon Kim</name>\n </author>\n <author>\n <name>HyungSeok Han</name>\n </author>\n <author>\n <name>Cen Zhang</name>\n </author>\n <author>\n <name>Brian Junekyu Lee</name>\n </author>\n <author>\n <name>Hanqing Zhao</name>\n </author>\n <author>\n <name>Taesoo Kim</name>\n </author>\n </entry>"
}