All You Need Is A Fuzzing Brain: An LLM-Powered System for Automated Vulnerability Detection and Patching

September 8, 2025
Authors: Ze Sheng, Qingxiao Xu, Jianwei Huang, Matthew Woodcock, Heqing Huang, Alastair F. Donaldson, Guofei Gu, Jeff Huang
cs.AI

Abstract

Our team, All You Need Is A Fuzzing Brain, was one of seven finalists in DARPA's Artificial Intelligence Cyber Challenge (AIxCC), placing fourth in the final round. During the competition, we developed a Cyber Reasoning System (CRS) that autonomously discovered 28 security vulnerabilities - including six previously unknown zero-days - in real-world open-source C and Java projects, and successfully patched 14 of them. The complete CRS is open source at https://github.com/o2lab/afc-crs-all-you-need-is-a-fuzzing-brain. This paper provides a detailed technical description of our CRS, with an emphasis on its LLM-powered components and strategies. Building on AIxCC, we further introduce a public leaderboard for benchmarking state-of-the-art LLMs on vulnerability detection and patching tasks, derived from the AIxCC dataset. The leaderboard is available at https://o2lab.github.io/FuzzingBrain-Leaderboard/.