
Speaker:  Prof. Giovanni Vigna
November 11, 2025 | 11:30 am
Politecnico di Milano, 2.1.5 Room (Bld. 2) Bruno Finzi
Piazza Leonardo da Vinci, 32
Contact: Prof. Stefano Zanero
Abstract
On November 11, 2025, at 11:30 am Prof. Giovanni Vigna will hold a Distinguished Lecture on "Autonomous Vulnerability Analysis, Triaging, and Repair: A Historical Perspective".
The software components that support critical infrastructure are riddled with vulnerabilities, whose exploitation could cause service disruption, financial damage, and possibly loss of life.
Although there are efforts, such as OSS-Fuzz, to continuously analyze these components for vulnerabilities, some categories of security bugs are still hard to detect. In addition, the creation of testing harnesses and the generation of effective patches still require substantial effort from human experts.
To address these issues, researchers and practitioners alike have focused on automating the vulnerability analysis and repair process.
In particular, DARPA has supported these research efforts with two challenges: the DARPA Cyber Grand Challenge (CGC) in 2016 and the AI Cyber Challenge (AIxCC) in 2025. In these two challenges, participants had to create Cyber Reasoning Systems (CRS) that, in different contexts, had to identify vulnerabilities, exploit them, and provide patches without any human involvement.
In this talk, we take a historical look at these efforts that span a decade, especially in light of the recent advances in Large Language Models (LLMs), and highlight the lessons learned from participating in these competitions, as well as the challenges that still need to be addressed to achieve a completely autonomous vulnerability analysis, triaging, and repair process.
Short Bio
Giovanni Vigna is a Professor in the Department of Computer Science at the University of California in Santa Barbara, and the director of the NSF AI Institute for Agent-based Cyber Threat Intelligence and Operation (ACTION) at UCSB. He was the CTO and co-founder of Lastline, Inc., a company that provides anti-malware solutions. Lastline was acquired by VMware, Inc., in June 2020, which, in turn, was acquired by Broadcom, Inc., in November 2023. Since then, Dr. Vigna has led the Threat Analysis Unit in the ANS business unit at Broadcom.
His research interests include vulnerability assessment, malware analysis, the underground economy, the security of social networks, voting security and misinformation detection, and the applications of machine learning and artificial intelligence to security problems.
He has been the Program Chair of the International Symposium on Recent Advances in Intrusion Detection (RAID 2003), of the ISOC Symposium on Network and Distributed Systems Security (NDSS 2009), of the IEEE Symposium on Security and Privacy (Oakland 2010-2011), and of the ACM Conference on Computer and Communications Security (CCS 2020-2021).
He is known for organizing and running, since 2003, a yearly educational Capture The Flag hacking contest, called iCTF, that every year involves dozens of teams around the world.
Giovanni Vigna is also the founder of the Shellphish hacking group, which has participated in more DEF CON CTF competitions than any other group in history.
Giovanni Vigna received his Ph.D. from Politecnico di Milano, Italy.
He is an IEEE Fellow and an ACM Fellow.
