English

Orion: Fuzzing Workflow Automation

Software Engineering 2025-09-19 v1 Artificial Intelligence Cryptography and Security

Abstract

Fuzz testing is one of the most effective techniques for finding software vulnerabilities. While modern fuzzers can generate inputs and monitor executions automatically, the overall workflow, from analyzing a codebase, to configuring harnesses, to triaging results, still requires substantial manual effort. Prior attempts focused on single stages such as harness synthesis or input minimization, leaving researchers to manually connect the pieces into a complete fuzzing campaign. We introduce Orion, a framework that automates the the manual bottlenecks of fuzzing by integrating LLM reasoning with traditional tools, allowing campaigns to scale to settings where human effort alone was impractical. Orion uses LLMs for code reasoning and semantic guidance, while relying on deterministic tools for verification, iterative refinement, and tasks that require precision. Across our benchmark suite, Orion reduces human effort by 46-204x depending on the workflow stage, and we demonstrate its effectiveness through the discovery of two previously unknown vulnerabilities in the widely used open-source clib library.

Keywords

Cite

@article{arxiv.2509.15195,
  title  = {Orion: Fuzzing Workflow Automation},
  author = {Max Bazalii and Marius Fleischer},
  journal= {arXiv preprint arXiv:2509.15195},
  year   = {2025}
}

Comments

11 pages, 3 figures, 3 tables

R2 v1 2026-07-01T05:44:25.868Z