HMGCC Co-Creation Challenge: AI / Novel Technology Red Agent Penetration Testing
A challenge to further the security community’s understanding of AI or any novel technologies that have the capacity to penetration test secure IT environments.
Opportunity Details
When
Registration Opens
17/10/2024
Registration Closes
21/11/2024
Award
Budget of £60k per team to cover time, materials, overheads and other indirect expenses.
Organisation
HMGCC
Organisations and solution providers can apply for funding to: 1) undertake paper- based landscape mapping to evaluate the market maturity of AI or other novel technologies to operate as a ‘Red Agent’ penetration tester, and 2) provide a test environment and to subsequently undertake practical testing to evaluate the feasibility of AI or other novel technologies to operate as a ‘Red Agent’ penetration tester. HMGCC Co-Creation will provide funding for time, material, overheads and other indirect expenses.
Scripting based technologies are excluded as these are mature and available as commercial products.
This Co-Creation challenge aims to evaluate the readiness of the technologies, their capabilities and integration needs. This will be achieved by evaluating ease of adaption and integration. The challenge is being delivered across two workstreams delivered in parallel over 12 weeks.
Workstream details
One workstream will identify the capabilities of autonomous Red Agent tools, measuring them up in a paper-based assessment against the major factors involved in how they would be used. The second workstream will involve taking a small group of these tools forward (if they passed the initial workstream test) into an assessment of how they work in practice. We anticipate testing between 3 to 6 Red Agent tools. The results from both workstream tests will then be assessed together. Collaborative development might then be undertaken to help further test and improve the most promising tools where appropriate.
For workstream 1, HMGCC are looking for a Solution Provider (SP) with knowledge of AI and novel technology in the penetration testing domain. We would like this solution provider to identify current and future ‘Red Agent’ solutions and to develop an assessment framework – which will be used by the SP to evaluate these capabilities on paper.
For workstream 2, HMGCC are looking for a Solution Provider (SP) with knowledge of AI and novel technology in the penetration testing domain. We would like this solution provider to provide a test capability in which we will undertake practical experimentation with between 3-6 Red Agent tools. The SP would provide the IT test environment (potentially in the cloud), team and processes/procedures to test and report on the effectiveness of each capability. The Authority would instruct the SP which 3-6 Red Agent tools to install in the test environment as these are identified during the project. All work would be undertaken at a classification of OFFICIAL.
Who can apply?
This challenge is open to sole innovators, industry, academic and research organisations of all types and sizes, including those not traditionally associated with the defence and security sector. There is no requirement for security clearances.
Funding available
Organisations are being asked to apply if, over a 12 week period and with a budget of £60k, they can develop and demonstrate technology to meet this challenge. HMGCC Co-Creation will provide funding for time, materials, overheads and other indirect expenses.
Further information
For full details of the workstreams, projected working methods, technical requirements, example use cases, and a full scope, visit the Innovation Exchange site at the link below.