RTX’s BBN Technologies business has been awarded a contract from the US Defense Advanced Research Projects Agency (DARPA) to support its Intelligent Generation of Tools for Security (INGOTS) programme, RTX announced on 5 August 2025.
INGOTS aims to strengthen cyber security by developing advanced methods to identify and mitigate complex exploit chains, preventing their use in real-world attacks.
Exploit chains pose a growing threat, amplified by the increasing complexity and sophistication of cyber attacks. The US Cybersecurity & Infrastructure Secuirity Agency’s Exploited Vulnerabilities catalogue has surpassed 1,300 entries, with steady growth reflecting the increasing number of threats targeting essential services and networks. Despite this rising threat, current assessment methods rely heavily on manual analysis, requiring significant expertise and time. INGOTS thus seeks to address this challenge by automating the creation, modification, modeling and analysis of exploit chains to enable faster and more effective security interventions.
“Effectively countering exploit chains requires more than just identifying individual vulnerabilities. It demands a system that can replicate real-world attack scenarios and anticipate potential risks before they are exploited,” Jack Dietz, BBN principal investigator, was quoted as saying in a RTX press release.
To support this effort, BBN will apply its expertise in testbed architecture to develop the System Test of Android at Large-scale Accelerating Generation and Modeling for INGOTS Test and Evaluation (STALAGMITE). This system will serve as a comprehensive platform for testing and evaluating exploit analysis tools, offering key capabilities such as:
- Accurate real-world simulations: high-fidelity testing in combined virtual and physical environments ensures realistic assessments of Android vulnerabilities in a secure and controlled setting;
- Proactive threat responses: seamless integration of INGOTS components enabling security teams to anticipate and mitigate potential attacks, enhancing preparedness against emerging threats;
- Efficient security research: a robust environment for reproducible, automated testing advances research in software vulnerabilities and countermeasures, improving operating system and application security.
“Today’s manual methods for assessing exploitability are costly, time consuming and lack scalability and efficiency,” said Dietz. “We aim to alleviate this burden from security professionals by accelerating the automatic identification of security risks across various devices and configurations using precise testing and measurement to strengthen overall cyber security defences.”
While the programme focuses on the Android ecosystem, the methodologies and technologies developed under INGOTS are expected to have far-reaching applications across the personal, business, government and military sectors.
The BBN-led team includes Assured Information Security. Work on the programme will be completed in Cambridge, Massachusetts; Columbia, Maryland; and Rome, New York.
