We already reported 7 vulnerabilities to @ollama via @huntr_ai 🔥. The first one is CVE-2024-12886, report is now public even if the bug is not fixed yet. Please do not exposed your Ollama server, it is not the only bug we found. 🛡️.

🔗 Wanna learn more about it? .

Generate videos in just a few seconds. Try Grok Imagine, free for a limited time.

📊 Dotting (CFG Editing). Use --reduced or --only-entrypoint to create minimal graphs, and re-inject just the functions you need for analysis. Sol-azy lets you trim huge CFGs into something actionable.

⏪ Reverse Engine. Disassemble eBPF, track .rodata immediates, generate control flow graphs (CFGs), and even match instruction-level patterns.

🎣 Fetcher Module. Need the on-chain deployed bytecode of a program?. Sol-azy can fetch the actual .so from mainnet or custom RPCs.

⚙️ Build Engine (still in WIP). No need to fumble with anchor or cargo separately. Sol-azy can detect project type (and version of anchor/cargo) and compile .so artifacts for you, whether you're using Anchor or raw SBF.

📜 SAST Engine. Sol-azy uses a custom Starlark rule engine to scan the Rust AST and catch common issues statically. Write rules once, reuse them across audits.

Ever wanted a single tool to build, analyze (static analyzer), fetch, and reverse engineer Solana SBPF programs? 💻. We built Sol-azy, a modular CLI toolkit for security researchers: Let’s break it down 🧵

Finally!!!!! Look like we have some new targets to fuzz this summer 🔥.

Dive into the full methodology, raw numbers, and lessons learned in the blog ⬇️. 🔗 

Key takeaways:. - Training quality > parameter count.- Better orchestration + multi-agent strategies are the next frontier.- AI is a force-multiplier, not a silver bullet (yet)

⚠️ Reality check: every model produced 13-27 false positives. Human-in-the-loop review remains non-negotiable for the moment!

Community models hold their own! DeepHermes 3 lands 22.81 %, proof that open innovation matters.

Mid-tier open models punch above their weight:. - Mistral Medium 3 — 24 %.- LLaMA 4 Maverick — 23.53 %

Top 3 performers. 🥇 GPT-4.1 — 37.21 % score.🥈 Claude Sonnet 4 — 34.04 %.🥉 ChatGPT-4o — 31.91 %

How we tested ?. - Single-pass code review (no multi-agent tricks).- Languages: Python, Go, C++.- 6 vulns hunted: SQLi, XSS, Cmd Injection, Weak Crypto, Buffer Overflow, File Inclusion

Our @FuzzingLabs AI Team put leading LLM agents through a real-world vulnerability benchmark. Spoiler → even the best model still misses more than half the bugs! 🧵

RT @fede_intern: Great work by @FuzzingLabs that hopefully will be very useful for the @solana community. @0xMert_ and @aeyakovenko hope y….

🚀 We just released sol-azy on GitHub!. A modular CLI for static analysis & reverse engineering of #Solana sBPF programs — with disassembly, CFGs, and Starlark rule support. 🧵 👀 Docs: #Solana #RE #Security #Rust.

Hardening checklist 🔐. - Upgrade to ≥ v0.3.15.- Bind to localhost or place behind VPN / reverse proxy.- Enforce auth (JWT, mTLS, API key).- Restrict egress & monitor logs for /api/create, /api/pull abuse.- Scan regularly (Shodan/Censys) for accidental exposure. 🔗 Full.

The CVEs you can’t ignore 🐞. 💣 CVE-2024-7773(RCE) — patch in v0.1.47.⚠️ CVE-2025-0317 (DoS) - patch in v0.3.15. Keeping legacy tags online = giving intruders shell access.