FuzzAgent: Multi-Agent System for Evolutionary Library Fuzzing
Library fuzzing is essential for hardening the software supply chain, but adopting it at scale remains expensive. Practitioners still spend substantial effort on environment setup, struggle to generate harnesses that respect intricate API constraints, and lack reliable means to tell genuine libra...
SDLLMFuzz: Dynamic-Static LLM-Assisted Greybox Fuzzing for Structured Input Programs
Fuzzing has become a widely adopted technique for vulnerability discovery, yet it remains ineffective for structured-input programs due to strict syntactic constraints and limited semantic awareness. Traditional greybox fuzzers rely on mutation-based strategies and coarse-grained coverage feedbac...
Multi-Agent Collaborative Fuzzing with Continuous Reflection for Smart Contracts Vulnerability Detection
Fuzzing is a widely used technique for detecting vulnerabilities in smart contracts; it generates transaction sequences to explore the contracts' execution paths. However, existing fuzzers fall short in detecting sophisticated vulnerabilities that require specific attack...
BACFuzz: Exposing the Silence on Broken Access Control Vulnerabilities in Web Applications
Broken Access Control (BAC) remains one of the most critical and widespread vulnerabilities in web applications, allowing attackers to access unauthorized resources or perform privileged actions. Despite its severity, BAC is underexplored in automated testing due to key challenges: the lack of...