🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Our LLM work has found an out-of-bounds read in OpenSSL!

Project Zero blog: LLMs find 0days now! 👀 And: our fuzzer setup did *not* reproduce it! googleprojectzero.blogspot.com/2024/10/from-n…

XBOW found a critical auth bypass (CVE-2024-50334) in a widely-used open-source Q&A site, fully autonomously! Nico Waisman and I wrote up a post walking through the methodology it used – IMO it's a super cool bug and fascinating trace

On the heels of Google’s ‘Big Sleep’ AI discovery of a real-world vulnerability, our OSS-Fuzz team identified and reported 26 vulnerabilities to open-source project maintainers by using AI-generated and enhanced fuzz targets. Read more here: security.googleblog.com/2024/11/leveli…

LLMs are just a special case of fuzzing btw.

🤖 The latest in LLM-powered fuzzing from Google 26 new vulns so far, 1 in OpenSSL The LLM can draft a fuzz target, fix compilation issues, run it & fix runtime issues, & triage crashes New improvements & future work 👇 By Oliver Chang, Jonathan Metzman security.googleblog.com/2024/11/leveli…

📚 tl;dr sec 258 🤖 Google's AI-powered Fuzzing Oliver Chang, Jonathan Metzman ☁️ What Hackers know about your AWS Account Daniel Grzelak 🔬 Finding vulns in EDR Neodyme ☁️ How to use AWS Resource Control Policies Scott Piper 🤖 Augmenting SAST with AI and more! tldrsec.com/p/tldr-sec-258

My LLM analyzed a vulnerability in a Linux library and even created a PoC! This is expected to be used in Browser's Sandbox Escape as well. (Actually accessible) We will make this tool available for Android and browsers too! Actually my LLM was able to find several successful

If I was still a PhD, I would definitely take this opportunity. So much opportunity for real impact!

The original link I posted for the OSS-Fuzz PhD internship was wrong, sorry to folks who applied to the research intern position. Please re-apply to the one below. The correct one is for the SWE intern position. 🤦

ICLR'25 Spotlight 🤩 (5% of accepted papers) -- for a topic we've just been nerding out on. Congrats Seongmin! 🎉 📝 mpi-softsec.github.io/papers/ICLR25-…

#FUZZING'25 CALL FOR PAPERS ────── ✨ New OC members: Ruijie Meng (NUS) + Rohan Padhye (Rohan Padhye; CMU). ✨ New paper type: Fuzzing Nuggets (short papers). 🔗 fuzzingworkshop.github.io 📅 20. March (Submission) //cc @YannicNoller (RUB), László Szekeres (László Szekeres; Google)

Auto generating #fuzzing harnesses by way of program analysis and #LLMs! New blog post "Minimal LLM-based fuzz harness generator": adalogics.com/blog/minimal-l… We show how you can generate a sophisticated fuzz harness synthesis tool with a few lines of code.

honggfuzz alive and kicking. stack based buffer overflow in libxml2 - issues.oss-fuzz.com/issues/3926870…

you're not allowed to write comments in your code anymore, because if you do everyone will just think it's ai generated.