Artificial intelligence for cybersecurity: Literature review and future research directions
Artificial intelligence (AI) is a powerful technology that helps cybersecurity teams automate
repetitive tasks, accelerate threat detection and response, and improve the accuracy of their …
Fuzzing: a survey for roadmap
Fuzz testing (fuzzing) has witnessed its prosperity in detecting security flaws recently. It
generates a large number of test cases and monitors the executions for defects. Fuzzing has …
Unsolved problems in ML safety
Machine learning (ML) systems are rapidly increasing in size, are acquiring new
capabilities, and are increasingly deployed in high-stakes settings. As with other powerful …
Deep learning based vulnerability detection: Are we there yet?
Automated detection of software vulnerabilities is a fundamental problem in software
security. Existing program analysis techniques either suffer from high false positives or false …
LLM4Vuln: A unified evaluation framework for decoupling and enhancing LLMs' vulnerability reasoning
Large language models (LLMs) have demonstrated significant potential in various tasks,
including vulnerability detection. However, current efforts in this area are preliminary, lacking …
Beacon: Directed grey-box fuzzing with provable path pruning
Unlike coverage-based fuzzing that gives equal attention to every part of a code, directed
fuzzing aims to direct a fuzzer to a specific target in the code, e.g., the code with potential …
GREYONE: Data flow sensitive fuzzing
Data flow analysis (e.g., dynamic taint analysis) has proven to be useful for guiding fuzzers to
explore hard-to-reach code and find vulnerabilities. However, traditional taint analysis is …
ParmeSan: Sanitizer-guided greybox fuzzing
One of the key questions when fuzzing is where to look for vulnerabilities. Coverage-guided
fuzzers indiscriminately optimize for covering as much code as possible given that bug …
The threat of offensive AI to organizations
AI has provided us with the ability to automate tasks, extract information from vast amounts of
data, and synthesize media that is nearly indistinguishable from the real thing. However …
RESTler: Stateful REST API fuzzing
V Atlidakis, P Godefroid… - 2019 IEEE/ACM 41st …, 2019 - ieeexplore.ieee.org
This paper introduces RESTler, the first stateful REST API fuzzer. RESTler analyzes the API
specification of a cloud service and generates sequences of requests that automatically test …