home.social

#fuzzing — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #fuzzing, aggregated by home.social.

  1. Fuzzing finds bugs in Rust code - reliably so. But async Rust has largely stayed out of reach with its complexity making it hard for fuzzers to explore meaningfully.

    At Oxidize 2026, Morgan Hill (@pcwizz) walks through what it takes to actually fuzz async Rust: the naive approaches that don't work, and an involved technique that does - involving LibAFL, user mode QEMU, and a fair amount of head scratching.

    🔗 oxidizeconf.com/sessions/await

    #Oxidize2026 #RustLang #Fuzzing #SecurityResearch #AsyncRust

  6. Introducing gosentry, a security-focused fork of the Go toolchain, integrating numerous features for state-of-the-art Fuzzing campaigns on Go codebases - Blog post by Trail of Bits @trailofbits #Infosec #Fuzzing #Golang blog.trailofbits.com/2026/05/1

  11. I can't imagine there are many of you, but if you fuzz in Golang, use the fuzztime arg, and keep running into context deadline exceeded killing the fuzz run, could you please go add a thumbs up to the following GH issue?

    github.com/golang/go/issues/75

    #Golang #Fuzzing

  16. In Golang you can fuzz your code in 32bit mode on amd64 machines. You do this by prepending GOARCH=386 to your go test call, just like you'd set GOARCH for any other task.

    The reason you might want to do this is that certain variable types, such as int, are smaller on 32bit platforms. For example, on 32bit platforms int is generally int32 (-2147483648 to 2147483647) and on 64 bit platforms int is int64 (-9223372036854775808 to 9223372036854775807).

    This matters because you are more likely to overflow an int32 value than an int64. For folks parsing untrusted data which specifies field length, you could end up reading a large "field length" value that, when combined with some offset, overflows the value of int. The resulting value would pass a check like if offset+fieldLen < len(data) due to being negative or just smaller than offset but still be invalid in the context of the data.

    Fuzzing in 32bit mode makes it much easier to trigger these errors.

    A caveat: fuzzing with GOARCH=386 will be slower because there is no coverage guidance for the fuzzer on this arch.

    Note that you can't do 32 bit fuzzing on Apple Silicon machines since there is only one GOARCH for them, which is arm64. I tend to do my fuzzing on an Intel-based machine running Linux.

    #Golang #Fuzzing #Security
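
Added example (not part of the post above): the bounds check the post describes, next to a form that cannot wrap. It uses int32 explicitly to model how int behaves under GOARCH=386, so the wrap-around reproduces on a 64-bit host; the 4-byte big-endian length prefix, the function names and the sample bytes are assumptions constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// int32 stands in for Go's int as it behaves under GOARCH=386.
// Assumed wire format (hypothetical): a 4-byte big-endian length prefix
// at offset, followed by that many bytes of field data.

var errBounds = errors.New("field exceeds buffer")

// fieldLenAt reads the length prefix at offset after checking that the
// prefix itself lies inside data.
func fieldLenAt(data []byte, offset int32) (int32, bool) {
	if offset < 0 || int64(offset)+4 > int64(len(data)) {
		return 0, false
	}
	return int32(binary.BigEndian.Uint32(data[offset:])), true
}

// EndUnchecked mirrors the check quoted in the post,
// offset+fieldLen < len(data). It returns the computed end index and
// whether that check accepted it.
func EndUnchecked(data []byte, offset int32) (int32, bool) {
	fieldLen, ok := fieldLenAt(data, offset)
	if !ok {
		return 0, false
	}
	start := offset + 4
	end := start + fieldLen // signed addition wraps silently in Go
	return end, end < int32(len(data))
}

// ReadField compares fieldLen against the bytes that remain instead of
// adding two attacker-influenced values, so nothing can wrap.
func ReadField(data []byte, offset int32) ([]byte, error) {
	fieldLen, ok := fieldLenAt(data, offset)
	if !ok {
		return nil, errBounds
	}
	start := offset + 4                   // safe: fieldLenAt proved offset+4 <= len(data)
	remaining := int32(len(data)) - start // always >= 0
	if fieldLen < 0 || fieldLen > remaining {
		return nil, errBounds
	}
	return data[start : start+fieldLen], nil
}

func main() {
	// Constructed inputs: a valid 3-byte field, and a length prefix of
	// 0x7fffffff that wraps once the 4-byte header is added to it.
	valid := []byte{0x00, 0x00, 0x00, 0x03, 'a', 'b', 'c', 'd'}
	wrapped := []byte{0x7f, 0xff, 0xff, 0xff, 'a', 'b', 'c', 'd'}

	for _, in := range [][]byte{valid, wrapped} {
		end, accepted := EndUnchecked(in, 0)
		field, err := ReadField(in, 0)
		fmt.Printf("unchecked: end=%d accepted=%v | safe: field=%q err=%v\n",
			end, accepted, field, err)
	}
}
```

On a 64-bit build that uses plain int, the same sum does not wrap and the check rejects the second input, which is why the 32-bit run surfaces this class of bug sooner.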

  21. In Golang I love table driven tests for logic that slices and dices protocol bytes off the wire because it allows me to trivially feed those same test inputs to fuzzers. Anytime anyone adds a test entry to the table to exercise new code or check a failure mode it automatically gets added to the fuzzing corpus without additional work.

    #Golang #Fuzzing #Security

  26. In our @Adenkiewicz 's latest post, see how combining AFL++ with GPT-5 Codex sped up triaging the results from fuzzing NASA’s CFITSIO library and uncovered numerous vulnerabilities.

    blog.doyensec.com/2026/04/20/c

    #doyensec #appsec #security #fuzzing

  28. ----------------

    🎯 AI
    ===================

    Opening: An autonomous vulnerability-hunting workflow was built around Claude Code and the Model Context Protocol (MCP) to expose local research tooling as callable services. The deployment runs eight MCP Python processes across five VMs, aggregating over 300 tools used for reverse engineering, fuzzing, crash triage, exploit development and reporting.

    Key Features:
    • Tool orchestration: MCP endpoints wrap RE tools such as Ghidra, radare2 and Frida, allowing the model to invoke decompilation, dynamic instrumentation and static analysis as typed function calls.
    • Fuzzing at scale: Multiple fuzzing domains are managed via dedicated MCPs and an Infra MCP that provisions and scales Proxmox VMs for campaigns.
    • Persistent debugging: Debugger MCPs maintain long-lived WinDbg/GDB sessions across calls to preserve context between analyses.
    • RAG integration: A RAG MCP provides semantic search across campaign artifacts, crash triage notes and past findings to inform ongoing campaigns.
    • ROI telemetry: A complementary component, TokenBurn, tracks Claude Max usage and hardware cost against discovered findings.

    Technical Implementation:
    • Architecture: A central Claude Code instance interacts with separate Python MCP servers registered in a single .mcp.json manifest. Each MCP exposes typed function signatures so the model can request, for example, kernel driver listings or Ghidra decompilation via named tool calls.
    • Data flow: Tool outputs are normalized into structured artifacts consumed by the RAG indexer and stored per-campaign for reuse. Crash triage results and diffs are fed back into campaigns to prioritize fuzz targets.

    Use Cases:
    • Automated attack-surface enumeration and patch diffing across binaries.
    • Orchestrated fuzzing campaigns with automated triage and PoC scaffolding.
    • Assisted exploit development using model-driven shellcode generation and emulation aids.

    Limitations:
    • Operational cost tied to Claude Max compute and persistent VM footprint.
    • Reliance on historical campaign data for RAG effectiveness; novel code paths may require manual intervention.
    • Security and trust considerations when exposing powerful tooling via model-accessible endpoints.

    Conclusion: This workflow demonstrates how MCP-style function exposure and RAG indexing can reduce manual orchestration overhead in vulnerability research, while highlighting operational cost and data-dependence trade-offs.

    🔹 MCP #ClaudeCode #RAG #fuzzing #tool

    🔗 Source: blog.zsec.uk/bullyingllms/

  29. Anatomy of fuzzing attacks: how servers are scanned in 2026 (an analysis of 20,000 lines of Nginx logs)

    Hi, Habr! In the previous article I described how I have recently been amusing myself in the highload world by building a messenger (Plumb) for myself and the people close to me. And even though its client is assembled practically out of digital duct tape that has been thoroughly dunked in a barrel of paint, it works surprisingly reliably (both messaging and calls), even in the current difficult circumstances. In that article I invited Habr to try to break my messenger's server. It was sweaty work, but we held out. Thanks to everyone who took part! But today I want to talk about something else. Using one real, massive automated attack on my server as an example, I want to show how bots and specialized software try to attack your web applications and servers in 2026. This real attack is an ideal, textbook example of exactly how modern infrastructure is scanned today. No magic, just bare logs, a breakdown of the vectors, and the mechanics of defense. Let's go.

    habr.com/ru/articles/1017294/

    #nginx #ratelimit #fuzzing

  33. Getting started in bug bounty: how to find business logic flaws

    Hi everyone! My name is Roman. I have been in IT for more than seven years: I started out in development, and now I work in AppSec while trying my hand at bug hunting on the side. I am currently in the top 25 of the Standoff Bug Bounty ranking. Here I am speaking as a beginner bug researcher and will be glad to share what I have worked out. Today we will discuss business logic vulnerabilities, complex and often underestimated flaws that can lead to serious damage. We will look at how to find them, why they are dangerous, and what makes hunting for them in bug bounty so engaging. Let's go!

    habr.com/ru/companies/pt/artic

    #bug_bounty #broken_access_control #race_condition #jwt #dos #standoff #bugs #api #fuzzing #auth_bypass

  37. ----------------

    🔎 AI: Auditing the Gatekeepers

    This report describes a targeted research effort that treated LLM-based "AI judges" as opaque gatekeepers and applied automated fuzzing to reveal exploitable logic behaviors. The research team built AdvJudge-Zero, an internal red-team fuzzer that interacts with models purely through their textual interface to discover input sequences that change safety decisions.

    Methodology
    • Token discovery via next-token distribution: The fuzzer probes the model to surface likely continuations and identifies low-perplexity, high-influence tokens — described as "stealth control tokens" (for example, innocuous formatting or markdown symbols) that strongly sway attention while remaining natural.
    • Iterative refinement and logit-gap analysis: Candidate tokens are iteratively tested while measuring the decision margin (the logit-gap) between allow and block responses. Tokens that minimize the probability of a block decision are elevated as triggers.

    Findings
    • Stealthy triggers exist: Effective bypasses do not require high-entropy gibberish; benign formatting characters can flip a block decision to allow.
    • Black-box feasibility: The approach works without internal model access by exploiting predictive behavior exposed through the API-level next-token probabilities and output patterns.
    • Quantitative signal: The report emphasizes measuring decision boundary shifts via logit-gap as the primary metric for exploitability.

    Implications and scope
    • The study focuses on AI judges as deployed decision points within AI stacks; it documents a reproducible technique to search for policy-evasion sequences rather than offering operational mitigations.
    • Vendor and service mentions: the report notes Prisma AIRS and Unit 42 AI Security Assessment as protective offerings and points to Unit 42 Incident Response for urgent issues.

    Technical details reported here reflect the paper's concrete narrative: AdvJudge-Zero, next-token discovery, stealth control tokens, iterative logit-gap based refinement, and the demonstrated ability to convert blocking judgments into allowing outputs through benign formatting triggers.

    🔹 advjudge_zero #promptinjection #fuzzing #LLM #logit-gap

    🔗 Source: unit42.paloaltonetworks.com/fu

  38. I would have never found this myself, because I would have had no reason to look for it. It's a single character typo in a regular expression that has no effect on the intended functionality, but leads to catastrophic backtracking when fed with malicious input. Why typo? Because the same pattern is used twice, and only one of them was bad.

    The library has 100% test coverage, including malicious input scenarios. But for this kind of issue you'd need a fuzzer. Maybe I should look into #fuzzing?
