Towards Identifying the Economics and Efficiency of Fuzzers vs. Agents
The article discusses the comparison between fuzzers and agents in identifying software vulnerabilities. It highlights the success of fuzzing in finding bugs and the growing interest in using agents, particularly LLMs, for similar tasks. The author raises questions about the economics and efficiency of both methods, suggesting a need for further research on their cost-effectiveness.
- OSS-Fuzz has identified and fixed over 13,000 vulnerabilities and 50,000 bugs across 1,000 projects as of May 2025.
- The transition from fuzzing to agents has been marked by a shift from CPU to GPU cycles for bug detection.
- There is a need for research comparing the costs and efficiencies of fuzzing versus LLMs in software analysis.
Opening excerpt (first ~120 words)
Apr 6, 2026 • Mike Shema

Courtesy British Library (1875.c.19)

Agents and LLMs have gained favor as the method for finding flaws, but how would we measure their economics and efficiency against a decade of successful fuzzing? As methods for bug hunting, they're neither mutually exclusive nor so overlapping as to be redundant. So how would we design a process for deciding which one to run and when?

Fuzzing has had a great success! "As of May 2025, OSS-Fuzz has helped identify and fix over 13,000 vulnerabilities and 50,000 bugs across 1,000 projects." [1]

I've always loved fuzzing as a way to find software quality problems. Some of those problems have security impacts, others are implementation mistakes.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Dangerous Errors.