HMGCC Co-Creation Challenge: Smart Personal Assistant for Security Researchers
Summary of Challenge
Can you help us unlock faster, smarter vulnerability insights?
When machinery is procured to support national security and defence it has to be thoroughly checked for security vulnerabilities — and those vulnerabilities need to be understood and addressed. The work depends on highly skilled security researchers who assess vulnerabilities and advise on mitigations. But before the expert analysis can begin, there’s a significant bottleneck: finding, indexing and understanding the vast amount of open-source technical information that exists about complex industrial machinery.
HMGCC Co-Creation are launching this challenge to develop a software tool to Technology Readiness Level 6, that works without an internet connection and can assist a security researcher to index, search and understand vast quantities of data faster, enabling faster decision making.
HMGCC Co-Creation will provide funding for time, materials, overheads and other indirect expenses for successful applicants.
Context of Challenge
National security organisations undertake sensitive activities but also depend on complex supply chains to acquire and maintain the technology they need to operate. As part of that, security researchers carry out detailed tear-downs examining software, hardware and data components to identify possible vulnerabilities.
The first stage of this process is research. When a security researcher is tasked to examine a new product, particularly in the context of industrial control systems, they need to draw on open-source information at a micro-component level, such as technical specifications, datasheets, schematics and technical forum discussions. It is laborious and takes time that could be better spent on the analysis itself.
This challenge is about changing that. We believe that human-machine teaming offers a real opportunity to reduce the research burden. Specifically, we are looking for a system that can do three things:
- Index both structured and unstructured technical information about a product and its components.
- Generate a clear technical summary of the product and its individual components.
- Allow the researcher to ask natural-language questions about the product and explore the information interactively, adapting their line of investigation as new information emerges.
The Gap
Industrial control systems can be highly complex and thus time consuming to index and query related information. Complexities can arise from the following:
- Products vary significantly, meaning there is no one size fits all.
- There can be multiple product versions with varied components and software updates.
- Security researchers rely on their experience, processes and trusted sources, such as information directly from the vendor and trusted online forums.
- A chain of trust is formed from:
- Physical components such as filters, fuses, processors and memory sensors.
- Software across a range of forms including source code or binary for multiple different processors and operating systems in the same product.
Dates
- Competition opens: Monday 16 March 2026
- Briefing Call: Friday 17 April 2026 at 10am
- Clarifying questions deadline: Friday 17 April 2026
- Clarifying questions published: Tuesday 28 April 2026
- Competition closes: Thursday 7 May 2026
- Applicants notified: Friday 22 May 2026
- Pitch Day: Tuesday 2 June 2026
- Pitch Day Outcome: Monday 8 June 2026
- Commercial Onboarding begins*: Friday 12 June 2026
- Target Project Kick-Off: July 2026
*Please note, the successful solution provider will be expected to have availability for a one hour onboarding call via MS Teams on the date specified to begin the onboarding/contractual process.
Clarifying questions or general requests for assistance can be submitted directly to co-creation@dstl.gov.uk and cocreation@hmgcc.gov.uk before the deadline with the challenge title as the subject. These clarifying questions may be technical, procedural, or commercial in subject, or anything else where assistance is required. Please note that answered questions will be published to facilitate a fair and open competition.
Eligibility
This challenge is open to sole innovators, industry, academic and research organisations of all types and sizes. There is no requirement for security clearances.
Solution providers or direct collaboration from countries listed by the UK government under trade sanctions and/or arms embargoes, are not eligible for HMGCC Co-Creation challenges.
How to Apply
Please submit your application on the HMGCC Co-Creation website. Any queries please email Co-Creation@dstl.gov.uk and cocreation@hmgcc.gov.uk.
All information you provide to us as part of your application will be handled in confidence.
Applications must be no more than six pages or six slides in length. HMGCC Co-Creation reserves the right to stop reading after six pages if this limit is breached. The page/slide limit excludes title pages, references, personnel CVs and organisational profiles.
There is no prescribed application format, however, please ensure your application includes the following:
- Applicant details: Contact name, organisation details, and registration number
- Scope: Describe how the project aligns to the challenge scope
- Innovation: Describe the innovation and technology intended to be delivered in the project, along with new IP that will be generated or existing IP that can be used
- Deliverables: Describe the project outcomes and their impact
- Timescale: Detail how a minimum viable product will be achieved within the project duration
- Budget: Provide project finances against deliverables within the project duration
- Team: Key personnel CVs and expertise, organisational profile if applicable