Using artificial intelligence to augment bug fuzzing

Abstract

Fuzz testing is a wide-use technique to test for bugs and vulnerabilities in software programs. The process leading up to the actual fuzzing is labour-intensive and time-consuming as it requires the tester to manually scope the software-under-test for fuzz-able files and functions in addition to manually crafting a fuzzing harness before the fuzzing can begin. This study explores the use of generative artificial intelligence, specifically ChatGPT to automate the generation of fuzzing harnesses. The goal of this study is to successfully generate a working fuzzing harness using ChatGPT and ultimately discover vulnerabilities in a software program. This paper presents a Proof-Of-Concept of AI fuzzing harness generation and provides detailed step-by-step guide and analysis of the whole fuzz testing process. The vulnerability found using the ChatGPT-generated fuzzing harness was responsibly disclosed to the developers and is pending review.