English
Related papers

Related papers: Agentic Fuzzing: Opportunities and Challenges

200 papers

Fuzzing is a widely used technique for detecting software bugs and vulnerabilities. Most popular fuzzers generate new inputs using an evolutionary search to maximize code coverage. Essentially, these fuzzers start with a set of seed inputs,…

Software Engineering · Computer Science 2020-09-14 Dongdong She , Rahul Krishna , Lu Yan , Suman Jana , Baishakhi Ray

Fuzzing is a technique of finding bugs by executing a software recurrently with a large number of abnormal inputs. Most of the existing fuzzers consider all parts of a software equally, and pay too much attention on how to improve the code…

Cryptography and Security · Computer Science 2019-01-07 Yuwei Li , Shouling Ji , Chenyang Lv , Yuan Chen , Jianhai Chen , Qinchen Gu , Chunming Wu

Greybox fuzzing is one of the most useful and effective techniques for the bug detection in large scale application programs. It uses minimal amount of instrumentation. American Fuzzy Lop (AFL) is a popular coverage based evolutionary…

Artificial Intelligence · Computer Science 2018-06-12 Ketan Patil , Aditya Kanade

Fuzz testing, or fuzzing, has become one of the de facto standard techniques for bug finding in the software industry. In general, fuzzing provides various inputs to the target program to discover unhandled exceptions and crashes. In…

Software Engineering · Computer Science 2021-09-20 Yifan Wang , Yuchen Zhang , Chengbin Pang , Peng Li , Nikolaos Triandopoulos , Jun Xu

Large Language Model (LLM) based agents integrated into web browsers (often called agentic AI browsers) offer powerful automation of web tasks. However, they are vulnerable to indirect prompt injection attacks, where malicious instructions…

Cryptography and Security · Computer Science 2025-10-16 Avihay Cohen

Fuzzing is widely used for detecting bugs and vulnerabilities, with various techniques proposed to enhance its effectiveness. To combine the advantages of multiple technologies, researchers proposed ensemble fuzzing, which integrates…

Software Engineering · Computer Science 2025-07-31 Yukai Zhao , Shaohua Wang , Jue Wang , Xing Hu , Xin Xia

Critical open source software systems undergo significant validation in the form of lengthy fuzz campaigns. The fuzz campaigns typically conduct a biased random search over the domain of program inputs, to find inputs which crash the…

Cryptography and Security · Computer Science 2024-11-22 Yuntong Zhang , Jiawei Wang , Dominic Berzin , Martin Mirchev , Dongge Liu , Abhishek Arya , Oliver Chang , Abhik Roychoudhury

Fault Localization (FL) is an essential step during the debugging process. With the strong capabilities of code comprehension, the recent Large Language Models (LLMs) have demonstrated promising performance in diagnosing bugs in the code.…

Software Engineering · Computer Science 2025-02-25 Yihao Qin , Shangwen Wang , Yiling Lou , Jinhao Dong , Kaixin Wang , Xiaoling Li , Xiaoguang Mao

Collaborative fuzzing combines multiple individual fuzzers and dynamically chooses appropriate combinations for different programs. Unlike individual fuzzers that rely on specific assumptions, collaborative fuzzing relaxes assumptions on…

Cryptography and Security · Computer Science 2025-07-23 Wenxuan Shi , Hongwei Li , Jiahao Yu , Xinqian Sun , Wenbo Guo , Xinyu Xing

Static analyzers play a critical role in identifying bugs early in the software development lifecycle, but their rule implementations are often under-tested and prone to inconsistencies. To address this, we propose StaAgent, an agentic…

Software Engineering · Computer Science 2025-07-23 Elijah Nnorom , Md Basim Uddin Ahmed , Jiho Shin , Hung Viet Pham , Song Wang

Seed scheduling is a prominent factor in determining the yields of hybrid fuzzing. Existing hybrid fuzzers schedule seeds based on fixed heuristics that aim to predict input utilities. However, such heuristics are not generalizable as there…

Cryptography and Security · Computer Science 2020-07-23 Yaohui Chen , Mansour Ahmadi , Reza Mirzazade farkhani , Boyu Wang , Long Lu

Deep learning (DL) libraries, widely used in AI applications, often contain vulnerabilities like buffer overflows and use-after-free errors. Traditional fuzzing struggles with the complexity and API diversity of DL libraries such as…

Software Engineering · Computer Science 2025-01-09 Kunpeng Zhang , Shuai Wang , Jitao Han , Xiaogang Zhu , Xian Li , Shaohua Wang , Sheng Wen

Fuzzing is an effective bug-finding technique but it struggles with complex systems like JavaScript engines that demand precise grammatical input. Recently, researchers have adopted language models for context-aware mutation in fuzzing to…

Cryptography and Security · Computer Science 2024-02-20 Jueon Eom , Seyeon Jeong , Taekyoung Kwon

Software vulnerabilities pose critical security threats, with nearly 50,000 CVEs reported in 2025. While Large Language Models (LLMs) show promise for automated vulnerability detection, three key challenges remain. First, LLM-generated…

Cryptography and Security · Computer Science 2026-05-22 Ze Sheng , Zhicheng Chen , Qingxiao Xu , Kewen Zhu , Jeff Huang

Context: Exhaustive fuzzing of modern JavaScript engines is infeasible due to the vast number of program states and execution paths. Coverage-guided fuzzers waste effort on low-risk inputs, often ignoring vulnerability-triggering ones that…

Software Engineering · Computer Science 2025-12-23 Kishan Kumar Ganguly , Tim Menzies

Fuzzing is a widely used software security testing technique that is designed to identify vulnerabilities in systems by providing invalid or unexpected input. Continuous fuzzing systems like OSS-FUZZ have been successful in finding security…

Cryptography and Security · Computer Science 2023-07-04 Chaitanya Rahalkar

Greybox fuzzing has achieved success in revealing bugs and vulnerabilities in programs. However, randomized mutation strategies have limited the fuzzer's performance on structured data. Specialized fuzzers can handle complex structured…

Cryptography and Security · Computer Science 2026-03-18 Hongxiang Zhang , Yuyang Rong , Yifeng He , Hao Chen

Fuzz testing (fuzzing) is a well-known method for exposing bugs/vulnerabilities in software systems. Popular fuzzers, such as AFL, use a biased random search over the domain of program inputs, where 100s or 1000s of inputs (test cases) are…

Software Engineering · Computer Science 2023-08-02 Yuntong Zhang , Ridwan Shariffdeen , Gregory J. Duck , Jiaqi Tan , Abhik Roychoudhury

While AI-coding assistants accelerate software development, current testing frameworks struggle to keep pace with the resulting volume of AI-generated code. Traditional fuzzing techniques often allocate resources uniformly and lack semantic…

Software Engineering · Computer Science 2026-02-13 Ziyi Yang , Kalit Inani , Keshav Kabra , Vima Gupta , Anand Padmanabha Iyer

Fuzzing is an important method to discover vulnerabilities in programs. Despite considerable progress in this area in the past years, measuring and comparing the effectiveness of fuzzers is still an open research question. In software…

Software Engineering · Computer Science 2023-07-26 Philipp Görz , Björn Mathis , Keno Hassler , Emre Güler , Thorsten Holz , Andreas Zeller , Rahul Gopinath