AIToday

PromptFuzz uses AI to automatically generate security test code for software libraries, finding 1.6x more bugs than existing tools

Hacker NewsApr 25, 20262 min read
PromptFuzz uses AI to automatically generate security test code for software libraries, finding 1.6x more bugs than existing tools

Summaries like this, in your inbox every morning.

Sign up free →

3 Key Points

  1. PromptFuzz is an open-source tool that generates test code by using an LLM (an AI that understands and generates text) to write programs designed to find bugs in software libraries. Version 1.0.0 was released in April 2026 with support for AFLPlusPlus, and recent updates (June 2025) upgraded to Clang/LLVM 18 and added support for any LLM via the OpenAI specification.

  2. The tool found 33 confirmed security bugs across major libraries (libaom, libvpx, libmagic, libTIFF, sqlite3, curl, and others) by exploring complex interactions between library functions. Test coverage reached 40.12%, which is 1.61x higher than OSS-Fuzz and 1.67x higher than Hopper — meaning it exercises significantly more of the library code and discovers issues competitors miss.

  3. For security teams and open-source maintainers, this means more vulnerabilities get caught automatically before reaching users. The bugs detected include memory leaks, buffer overflows, null pointer crashes, and integer overflows — the types of flaws that lead to real-world exploits. Three bugs (CVE-2023-6277, CVE-2023-52355, CVE-2023-52356) have already been assigned CVE identifiers, showing real-world impact.

Discussion

No comments yet. Be the first to share your thoughts!

Log in to join the discussion

Related Articles

Stay ahead with AI news

Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.

Get Started Free

Free · takes 30 seconds · unsubscribe anytime

1 minute a day. The AI essentials.

200+ sources · Email / LINE / Slack

Get it free →