AIxCC / All You Need Is A Fuzzing Brain

What we built

A Cyber Reasoning System

All You Need Is A Fuzzing Brain was an autonomous Cyber Reasoning System built for DARPA AIxCC. The system combined fuzzing, LLM-based reasoning, vulnerability analysis, and patch-generation workflows for real-world open-source C and Java projects.

The work is no longer my active research focus, but it is one of the clearest examples of my experience building and evaluating AI systems under competitive, high-stakes engineering constraints.

My contribution

Agentic LLM evaluation

I worked on research and design for autonomous vulnerability-finding and patching systems, including experiments with retrieval-augmented generation, few-shot prompting, and LLM agent techniques.

I also evaluated models with custom benchmarks to measure effectiveness across challenge tasks and detected real vulnerabilities in open-source projects after the AIxCC competition work.

Outcome

Finalist result and paper

• Competition: DARPA Artificial Intelligence Cyber Challenge finalist team.
• Placement: 4th in the final round.
• Results: discovered 28 real-world vulnerabilities, including six previously unknown zero-days, and patched 14.
• Publication: coauthored arXiv paper, submitted September 8, 2025.
• Presentation: presented work at DEF CON 33.

Stack and artifacts

Open-source CRS

• Stack: Python, LLM APIs, RAG, custom benchmarks, fuzzing infrastructure, Docker, C and Java challenge projects.
• Paper: "All You Need Is A Fuzzing Brain: An LLM-Powered System for Automated Vulnerability Detection and Patching."
• Code: open-source CRS repository.
• Benchmarking: public leaderboard for LLM vulnerability detection and patching tasks derived from the AIxCC dataset.