All You Need Is A Fuzzing Brain: An LLM-Powered System for Automated Vulnerability Detection and Patching
September 8, 2025
Authors: Ze Sheng, Qingxiao Xu, Jianwei Huang, Matthew Woodcock, Heqing Huang, Alastair F. Donaldson, Guofei Gu, Jeff Huang
cs.AI
Abstract
Our team, All You Need Is A Fuzzing Brain, was one of seven finalists in
DARPA's Artificial Intelligence Cyber Challenge (AIxCC), placing fourth in the
final round. During the competition, we developed a Cyber Reasoning System
(CRS) that autonomously discovered 28 security vulnerabilities - including six
previously unknown zero-days - in real-world open-source C and Java projects,
and successfully patched 14 of them. The complete CRS is open source at
https://github.com/o2lab/afc-crs-all-you-need-is-a-fuzzing-brain. This paper
provides a detailed technical description of our CRS, with an emphasis on its
LLM-powered components and strategies. Building on AIxCC, we further introduce
a public leaderboard for benchmarking state-of-the-art LLMs on vulnerability
detection and patching tasks, derived from the AIxCC dataset. The leaderboard
is available at https://o2lab.github.io/FuzzingBrain-Leaderboard/.