FuzzingLabs
@FuzzingLabs
Followers
9K
Following
750
Media
275
Statuses
791
Research-oriented Cybersecurity startup specializing in #fuzzing, Vulnerability Research & Offensive security on Mobile, Browser, AI/LLM, Network & Blockchain.
Paris
Joined August 2020
💥 We’ve just raised €1M in pre-seed funding to accelerate the development of FuzzForge. When I started FuzzingLabs, everything was bootstrapped: our audits, our trainings, our R&D. No investors, no funding. Just a passionate team obsessed with offensive security and the
3
39
265
If you want to support the journey, drop a ⭐️ on GitHub: https://t.co/7CZXoCJSsB
github.com
AI-powered workflow automation and AI Agents platform for AppSec, Fuzzing & Offensive Security. Automate vulnerability discovery with intelligent fuzzing, AI-driven analysis, and a marketpl...
0
1
3
We just published Part 1 of our deep-dive on how we’re building #FuzzForge. Security tools exist. Orchestration doesn’t. FuzzForge chains SAST + fuzzing + dynamic analysis + AI agents into auditable, adaptive workflows, not black-box “AI hacking.” This is why we’re rethinking
fuzzinglabs.com
Security tools exist but nobody orchestrates them together. FuzzForge chains heterogeneous tools into intelligent, auditable workflows powered by specialized AI agents.
4
13
45
New feature for our #Solana static analyzer: Sol-azy 🚀 We just released Recap, a one-command way to turn any Anchor project into a clean, audit-friendly overview. It extracts signers, writables, constraints, PDAs, and memory ops into a single Markdown report, perfect for fast
fuzzinglabs.com
Discover our new update of Sol-azy, our modular CLI toolchain for static analysis and reverse engineering of Solana sBPF programs
2
10
34
🚀 New Course Released: Fuzzing #Windows Userland Applications (3-Day Certified Training) This is our most advanced Windows-focused training yet built for security engineers, VR researchers, and pentesters who want to master real-world fuzzing on targets like WinRAR, IrfanView,
0
11
45
Last week, @Pat_Ventuzelo our CEO and the team were at @EUCyberWeek in Rennes, and it was an amazing experience. Three intense days meeting great people, sharing ideas, and presenting FuzzForge to dozens of teams who were genuinely excited about the project. Huge thanks to
0
3
31
New research overturns a major assumption in LLM security: even large models (600M → 13B) can be backdoored with only 250 poisoned documents. Model size doesn’t matter. Attack success depends on absolute count, not % of training data. 250 malicious documents ≈ 420k tokens =
1
5
17
At FuzzingLabs, we’re already building this future with FuzzForge: an open-source, AI-native platform that orchestrates multi-agent workflows for fuzzing, reversing, and vulnerability triage. Explore it → https://t.co/VMsW5FZYqY
#FuzzForge #AIxCC #OffensiveSecurity #AppSec #AI
github.com
AI-powered workflow automation and AI Agents platform for AppSec, Fuzzing & Offensive Security. Automate vulnerability discovery with intelligent fuzzing, AI-driven analysis, and a marketpl...
0
1
4
I gave the closing keynote at @SidesBer 2025: AI for AppSec & Offensive Security: From Automation to Autonomy We explored how AI is reshaping vulnerability research from tool automation to the first steps toward autonomous red teams. Slides 📎 https://t.co/IReEws098P
11
18
82
Last talk for the day: AI for AppSec and Offensive Security: From Automation to Autonomy by @Pat_Ventuzelo
0
2
5
Preparing my slides for my BSides Berlin 2025 keynote, and I thought we could play a little game ;) Let’s call it “The AI #AppSec Keyword Games” Your mission: - Match each AppSec company to its AI-powered marketing tagline. This slide is part of my section “From Automation to
1
3
34
LLMs are beating regex in secret detection. We benchmarked Gitleaks, TruffleHog, and two LLMs on real-world codebases. GPT-5-mini hits 84.4% recall vs Gitleaks at 37.5% vs TruffleHog at 0.0% LLMs catch: – Split secrets – Obfuscated tokens – Decoded vars – Even commented-out
12
51
226
One of the last steps prior to launching ZK Arcade on mainnet was a code audit by @FuzzingLabs. You can see the full results of the audit here:
github.com
Aligned ZK Games. Contribute to yetanotherco/zk_arcade development by creating an account on GitHub.
5
4
39
This runs inside the new FuzzForge v0.7.0: → Temporal workflows → On-demand vertical workers → AI-powered code analysis (SARIF included) GitHub: https://t.co/VMsW5G0wgw Docs: https://t.co/3hx0QTTZRf
#DevSecOps #AppSec #LLMSecurity #FuzzForge
github.com
AI-powered workflow automation and AI Agents platform for AppSec, Fuzzing & Offensive Security. Automate vulnerability discovery with intelligent fuzzing, AI-driven analysis, and a marketpl...
0
9
22
LLMs are beating regex in secret detection. We benchmarked Gitleaks, TruffleHog, and two LLMs on real-world codebases. GPT-5-mini hits 84.4% recall vs Gitleaks at 37.5% vs TruffleHog at 0.0% LLMs catch: – Split secrets – Obfuscated tokens – Decoded vars – Even commented-out
12
51
226
We are back at #Pwn2Own !! Excited to be part again at the most famous offensive competition in the world organized by @thezdi ;) Good luck everyone but especially for our team :p
The schedule for #Pwn2Own Ireland is now live! 53 entries from 25 teams over three days of excitement and pwnage. We'll be updating the schedule with live streaming information as we get them set up. https://t.co/wFKRtsqxjp
#P2OIreland
4
5
75
Thanks for updating attribution, that’s a necessary step. One remaining factual point must be clear for the public record: your post still states that PoCs were not copied verbatim. That is incorrect. Below is concrete evidence: the Ollama PoC we published intentionally
@fede_intern @ycombinator @paulg @FuzzingLabs Disappointed to see public accusations without reaching out first, especially after launching a competitive product. We work directly with maintainers via GitHub, not bounty platforms. Neither we nor the maintainers knew about your Huntr reports at the time, otherwise they would
4
10
103
💣 We caught @ycombinator–backed @gecko_sec stealing two of our CVEs, one on @ollama , one on @Gradio. They copied our PoCs, claimed CVE IDs, and even back-dated their blog posts. Here’s the full story 👇
26
129
851
#BSidesBerlin Speaker Showcase @pat_ventuzelo will deliver our closing keynote: how AI is shifting from automation to autonomy in AppSec & offensive security, envisioning AI-driven red teams. Get your tickets here 👉 https://t.co/kJPlqQJlHa
@SecurityBSides #AI #RedTeam
0
4
7
Hi, does anyone here have a contact at @ycombinator? cc @paulg Quick context: @FuzzingLabs developed an open-source, AI-driven fuzzing tool that discovered a number of significant vulnerabilities which we disclosed publicly. A competing team backed by YC, @gecko_sec, has since
💣 We caught @ycombinator–backed @gecko_sec stealing two of our CVEs, one on @ollama , one on @Gradio. They copied our PoCs, claimed CVE IDs, and even back-dated their blog posts. Here’s the full story 👇
21
26
255