Whitebox fuzz testing is widely recognized as one of the most effective methods for identifying critical bugs and vulnerabilities, which is why it’s recommended by ISO 21434 and ASPICE for cybersecurity. Yet, its adoption remains limited due to the high level of expertise required and the significant manual effort involved. As the code comprehension and general reasoning ability of Large Language Models (LLMs) are constantly improving, we have been exploring how these models can be leveraged to automate the fuzzing process so that we can unlock the full potential of fuzz testing with minimal overhead.
In this session, you will learn:
- Why current testing methods such as static analysis and penetration testing are insufficient for securing automotive software
- Why companies like Google, Microsoft, and Continental adopt whitebox fuzz testing
- How fuzz testing can be automated using LLMs
- How an AI-generated fuzz test discovered a vulnerability in a popular open-source crypto library for embedded systems and IoT
&nsbp;
