🤖 AI Summary
This work addresses the limited deployability of the cyber reasoning systems (CRSs) built for DARPA's AI Cyber Challenge (AIxCC), including the first-place system Atlantis, on real-world open-source software (OSS) projects. The main obstacle is their reliance on competition cloud infrastructure that no longer exists. To bridge this gap, we propose OSS-CRS, an open and locally deployable framework, and use it to port Atlantis and run it against general OSS projects. OSS-CRS supports running and combining diverse CRS techniques and includes budget-aware resource management. With the ported Atlantis, we discovered 10 previously unknown bugs (three of high severity) across eight OSS-Fuzz projects. The framework is publicly released, moving CRS technology from competition prototypes toward real-world use.
📝 Abstract
DARPA's AI Cyber Challenge (AIxCC) showed that cyber reasoning systems (CRSs) can go beyond vulnerability discovery to autonomously confirm and patch bugs: seven teams built such systems and open-sourced them after the competition. Yet all seven open-sourced CRSs remain largely unusable outside their original teams, each bound to the competition cloud infrastructure that no longer exists. We present OSS-CRS, an open, locally deployable framework for running and combining CRS techniques against real-world open-source projects, with budget-aware resource management. We ported the first-place system (Atlantis) and discovered 10 previously unknown bugs (three of high severity) across 8 OSS-Fuzz projects. OSS-CRS is publicly available.