Buttercup is now open-source

16 days ago
  • #AI
  • #cybersecurity
  • #open-source
  • Buttercup, a CRS (Cyber Reasoning System), is now open-source after Trail of Bits won second place in DARPA’s AI Cyber Challenge (AIxCC).
  • A standalone version of Buttercup has been created to run on a typical laptop, optimized for individual projects.
  • Buttercup is an AI-driven system for discovering and patching vulnerabilities in open-source software, with four main components: Orchestration/UI, Vulnerability discovery, Contextual analysis, and Patch generation.
  • The system works by fuzzing programs to find vulnerabilities, analyzing them with static tools, and generating patches using multiple AI agents.
  • To get started, users need an x86-64 Linux system (ARM64 is partially supported), at least 8 CPU cores, 16GB RAM, 100GB disk space, and an API key for an LLM provider.
  • Buttercup’s setup involves cloning the repository, installing system packages, and running simple terminal commands.
  • Future plans include upgrading and maintaining the standalone version, with contributions welcome from the community.
  • The versions submitted to the AIxCC semifinal and final rounds are also open-sourced but are not actively maintained.