Results of the summarizing process for the arXiv paper: 2509.14589v1

In the Final Competition of DARPA's AI Cyber Challenge (AIxCC) at DEF CON 33 in August 2025, Team Atlanta emerged victorious with their cyber reasoning system, ATLANTIS. This system was designed to autonomously discover and patch vulnerabilities in software at the speed and scale demanded by modern technology. By integrating large language models (LLMs) with advanced program analysis techniques such as symbolic execution, directed fuzzing, and static analysis, ATLANTIS overcame existing limitations in automated vulnerability discovery and program repair. Developed collaboratively by researchers from Georgia Institute of Technology, Samsung Research, KAIST, and POSTECH, ATLANTIS tackled key challenges in cybersecurity. It successfully scaled across diverse codebases ranging from C to Java while maintaining high precision and broad coverage. The system excelled in producing semantically correct patches that preserved the intended behavior of the software. One notable component of ATLANTIS is BULLSEYE, a directed fuzzing tool that enhances vulnerability discovery. The system also includes infrastructure for sinkpoint-aware fuzzing loops, ensemble fuzzing techniques, sinkpoint identification and management strategies, distributed design elements, and a comprehensive component overview. ATLANTIS-Java further extends the capabilities of the system by incorporating LibAFL-based Jazzer tools for enhanced fuzzing capabilities. DEEPGENERATOR is utilized for generating deep learning models to improve sinkpoint-focused directed fuzzing efforts. Additionally, CodeQL-enhanced sink detection methods and static analysis techniques are employed for distance computation. The ExpKit module provides essential functionalities such as Sink Finder, Sink Manager, Path Finder, PoV Generator among others to enhance vulnerability detection and patch generation processes within ATLANTIS. Furthermore, the Multilang aspect of ATLANTIS introduces SymState for concolic execution purposes along with discussions on its implementation details. The Multilang-LLM-Agent (MLLA) component offers standalone functionality while shared utilities & libraries like FUNCTION TRACER and CODE RETRIEVER contribute to overall system efficiency. Lastly, core components like PRISM and MARTIAN agents play crucial roles in enhancing the performance of ATLANTIS through innovative workflows and key architectural concepts. The detailed architecture of these agents showcases how they interact within the broader framework of ATLANTIS to achieve optimal results in automated security practices.

• - Team Atlanta won the DARPA AI Cyber Challenge at DEF CON 33 with their cyber reasoning system, ATLANTIS
• - ATLANTIS autonomously discovers and patches vulnerabilities in software at high speed and scale
• - The system integrates large language models with advanced program analysis techniques like symbolic execution, directed fuzzing, and static analysis
• - Developed collaboratively by researchers from Georgia Tech, Samsung Research, KAIST, and POSTECH
• - ATLANTIS excels in scaling across diverse codebases while producing semantically correct patches
• - Notable components include BULLSEYE for directed fuzzing and DEEPGENERATOR for deep learning model generation
• - Infrastructure includes sinkpoint-aware fuzzing loops, ensemble techniques, distributed design elements, and comprehensive component overview
• - ATLANTIS-Java extends capabilities with LibAFL-based Jazzer tools
• - ExpKit module provides essential functionalities like Sink Finder, Path Finder, PoV Generator to enhance vulnerability detection and patch generation processes within ATLANTIS
• - Multilang aspect introduces SymState for concolic execution purposes along with shared utilities & libraries like FUNCTION TRACER and CODE RETRIEVER
• - Core components PRISM and MARTIAN agents play crucial roles in enhancing performance through innovative workflows

Summary- Team Atlanta won a big competition with their smart computer system called ATLANTIS. - ATLANTIS can find and fix problems in computer programs all by itself, really fast and for many programs at once. - It was made by smart people from different places working together. - ATLANTIS is good at fixing mistakes in different kinds of computer code while making sure the fixes make sense. - Some important parts of ATLANTIS are BULLSEYE for finding problems and DEEPGENERATOR for creating new learning tools. Definitions- DARPA: Defense Advanced Research Projects Agency - a government agency that funds research projects. - Cyber: Related to computers and technology. - Vulnerabilities: Weaknesses or flaws in software that can be exploited by hackers. - Semantically: In a way that makes sense based on meaning or context. - Fuzzing: A technique used to find bugs or vulnerabilities in software by inputting random data.

In the world of cybersecurity, staying ahead of potential threats is crucial to protecting sensitive information and preventing cyber attacks. With the rapid advancements in technology, traditional methods of vulnerability discovery and patching are no longer sufficient. This is where ATLANTIS comes in - a revolutionary cyber reasoning system developed by Team Atlanta that emerged victorious at DEF CON 33 in August 2025. ATLANTIS was designed to autonomously discover and patch vulnerabilities in software at the speed and scale demanded by modern technology. The system integrates large language models (LLMs) with advanced program analysis techniques such as symbolic execution, directed fuzzing, and static analysis to overcome existing limitations in automated vulnerability discovery and program repair. The development of ATLANTIS was a collaborative effort between researchers from Georgia Institute of Technology, Samsung Research, KAIST, and POSTECH. Together, they tackled key challenges in cybersecurity and created a system that excels in producing semantically correct patches while maintaining high precision and broad coverage across diverse codebases ranging from C to Java. One notable component of ATLANTIS is BULLSEYE - a directed fuzzing tool that enhances vulnerability discovery. It includes infrastructure for sinkpoint-aware fuzzing loops, ensemble fuzzing techniques, sinkpoint identification and management strategies, distributed design elements, and a comprehensive component overview. To further enhance its capabilities for Java codebases, ATLANTIS-Java incorporates LibAFL-based Jazzer tools for enhanced fuzzing capabilities. DEEPGENERATOR is also utilized for generating deep learning models to improve sinkpoint-focused directed fuzzing efforts. In addition to these components focused on vulnerability discovery through fuzz testing techniques, ATLANTIS also employs CodeQL-enhanced sink detection methods and static analysis techniques for distance computation. The ExpKit module provides essential functionalities such as Sink Finder, Sink Manager, Path Finder among others to enhance vulnerability detection processes within ATLANTIS. Furthermore, the Multilang aspect of ATLANTIS introduces SymState for concolic execution purposes along with discussions on its implementation details. The Multilang-LLM-Agent (MLLA) component offers standalone functionality while shared utilities and libraries like FUNCTION TRACER and CODE RETRIEVER contribute to overall system efficiency. The core components of ATLANTIS, PRISM and MARTIAN agents, play crucial roles in enhancing the performance of the system through innovative workflows and key architectural concepts. These agents showcase how they interact within the broader framework of ATLANTIS to achieve optimal results in automated security practices. In conclusion, Team Atlanta's cyber reasoning system, ATLANTIS, is a game-changer in the field of cybersecurity. With its advanced program analysis techniques and integration of large language models, it has overcome existing limitations in automated vulnerability discovery and program repair. Its success at DEF CON 33 highlights its capabilities in scaling across diverse codebases while maintaining high precision and broad coverage. As technology continues to evolve, systems like ATLANTIS will be essential in staying ahead of potential threats and protecting sensitive information from cyber attacks.