// DARPA AIxCC FINALIST · OPEN SOURCE

From zero-day to merged patch, autonomously.

FuzzingBrain is a Cyber Reasoning System that finds, proves, and fixes security bugs without humans in the loop — 124 zero-day vulnerabilities reported across 53 open source projects, 82 already patched upstream.

124 // vulns_reported
53 // projects_targeted
82 // patches_merged

// 01 — SYSTEM

What FuzzingBrain does

An end-to-end pipeline that reasons about code, proves vulnerabilities, and ships fixes — autonomously.

Autonomous Detection

Automatically generates Proofs-of-Vulnerability (PoVs) and produces patches for discovered security issues — no human intervention required.

LLM-Powered

Leverages 23 distinct LLM-based strategies across frontier models from Anthropic, Google, and OpenAI for comprehensive analysis.

Massively Parallel

Deployed across ~100 VMs with thousands of concurrent threads, enabling rapid vulnerability discovery and patch generation.

// 02 — ARCHITECTURE

Technical approach

Four services, running in parallel

  • CRS Web Service: Central coordinator for task decomposition and fuzzer distribution
  • Static Analysis: Function metadata, reachability, and call-path analysis
  • Worker Services: Parallel PoV generation and patching strategies
  • Submission Service: Deduplication, SARIF validation, and bundling

PoV Generation

delta-scan · full-scan · sarif-based

10 LLM-based strategies for vulnerability discovery, from iterative refinement to multi-input generation with coverage feedback.

Patching

multi-model · xpatch · path-aware

13 patching strategies including our novel XPatch approach that generates patches even without a PoV.

Key technical innovations

Iterative LLM Refinement

Multi-turn dialogue with structured feedback loops incorporating execution results and coverage data.

Multi-Model Fallback

Resilient architecture with automatic model switching when individual LLMs fail or reach limits.

Static / Dynamic Integration

Call paths, reachability, and real-time coverage feedback guide vulnerability discovery.

// 03 — RESULTS

Proven in competition and in the wild

  • 124 Reported Upstream: Across 53 open source projects
  • 82 Patches Merged: Fixed in upstream releases
  • <5% False Positive Rate: 4-principle verification

// affected_projects

CUPS, Ghidra, OpenLDAP, Apache Avro, ImageMagick, simdutf, UPX, BlueZ

Performance insights

Speed

Sub-5-minute first findings on multiple targets.

Effectiveness

AI-generated harnesses found bugs in 26 of 26 targeted projects.

Scalability

Scaled from competition VMs to continuous open source fuzzing.

// 04 — TEAM

Research team

Ze Sheng

Texas A&M University

Qingxiao Xu

Texas A&M University

Zhicheng Chen

Texas A&M University

Jianwei Huang

Texas A&M University

Matthew Woodcock

Texas A&M University

Heqing Huang

City University of Hong Kong

Alastair F. Donaldson

Imperial College London

Guofei Gu

Texas A&M University

Jeff Huang

Team Lead

Texas A&M University