Leveling Up Fuzzing: Finding more vulnerabilities with AI

Google's OSS-Fuzz team reports that AI-powered fuzzing using LLM-generated and enhanced fuzz targets increased coverage across 272 C/C++ projects (adding 370k+ lines) and discovered 26 new vulnerabilities — most notably CVE-2024-9143 in the critical OpenSSL library — and describes improvements (richer prompt context, iterative developer-like workflows, and new indexing infrastructure) that enabled these results.