PromptFuzz uses AI to automatically generate security test code for software libraries, finding 1.6x more bugs than existing tools

Hacker News · April 25, 2026

AI Summary

•PromptFuzz is an open-source tool that generates test code by using an LLM (an AI that understands and generates text) to write programs designed to find bugs in software libraries. Version 1.0.0 was released in April 2026 with support for AFLPlusPlus, and recent updates (June 2025) upgraded to Clang/LLVM 18 and added support for any LLM via the OpenAI specification.
•The tool found 33 confirmed security bugs across major libraries (libaom, libvpx, libmagic, libTIFF, sqlite3, curl, and others) by exploring complex interactions between library functions. Test coverage reached 40.12%, which is 1.61x higher than OSS-Fuzz and 1.67x higher than Hopper — meaning it exercises significantly more of the library code and discovers issues competitors miss.
•For security teams and open-source maintainers, this means more vulnerabilities get caught automatically before reaching users. The bugs detected include memory leaks, buffer overflows, null pointer crashes, and integer overflows — the types of flaws that lead to real-world exploits. Three bugs (CVE-2023-6277, CVE-2023-52355, CVE-2023-52356) have already been assigned CVE identifiers, showing real-world impact.

Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.