Jonathan Metzman
@metzmanj
Followers
2K
Following
5K
Media
13
Statuses
942
I do fuzzing on Google's Open Source Security Team. I work on OSS-Fuzz/ClusterFuzz/FuzzBench. Speaking on behalf of myself, not my employer.
Joined January 2019
Check out our work on using LLMs to generate fuzz targets in OSS-Fuzz:.
3
30
132
RT @ForrestPKnight: you're not allowed to write comments in your code anymore, because if you do everyone will just think it's ai generated.
0
522
0
RT @mboehme_: #FUZZING'25 CALL FOR PAPERS.──────.✨ New OC members: @RuijieMeng (NUS) + Rohan Padhye (@moarbugs; CMU). ✨ New paper type: Fuz….
0
19
0
RT @mboehme_: ICLR'25 Spotlight 🤩 (5% of accepted papers) -- for a topic we've just been nerding out on. Congrats Seongmin! 🎉. 📝 https://t….
0
5
0
The OSS-Fuzz team is hiring a PhD intern for this summer. Come join us and build the future of fuzzing. Link in next tweet in thread. RTs appreciated!.
2
32
88
RT @clintgibler: 📚 tl;dr sec 258. 🤖 Google's AI-powered Fuzzing @halbecaf, @metzmanj.☁️ What Hackers know about your AWS Account @dagrz.🔬 F….
0
7
0
RT @l33d0hyun: My LLM analyzed a vulnerability in a Linux library and even created a PoC! This is expected to be used in Browser's Sandbox….
0
78
0
RT @clintgibler: 🤖 The latest in LLM-powered fuzzing from Google. 26 new vulns so far, 1 in OpenSSL. The LLM can draft a fuzz target, fix c….
0
17
0
LLMs are just a special case of fuzzing btw.
"its actually just special case of [INSERT_YOUR_WORK/FIELD_HERE]. ". RL people : thats actually just RL btw.Diffusion people: thats actually diffusion btw.Autoregressive people: thats actually next token prediction btw.Transformer people: attention literally all you need btw.
1
0
3
We published more details about our LLM-based fuzz target generator, which found CVE-2024-9143 in OpenSSL
1
20
123
RT @moyix: XBOW found a critical auth bypass (CVE-2024-50334) in a widely-used open-source Q&A site, fully autonomously! @nicowaisman and I….
0
19
0
RT @domenuk: Project Zero blog:.LLMs find 0days now! 👀. And: our fuzzer setup did *not* reproduce it! https://t.c….
0
150
0
Our LLM work has found an out-of-bounds read in OpenSSL!
CVE-2024-9143 ( was disclosed recently, which was found by OSS-Fuzz-Gen! This is a pretty proud example of our team showing the promise of leveraging LLMs enable more fuzzing coverage.
3
46
215