What it is
Google OSS-Fuzz AI is the LLM-enhanced fuzzing work Google has been integrating with OSS-Fuzz. It uses language models to generate and improve fuzz targets, fix build and runtime issues in those targets, and help triage crashes.
What is verified
Google’s November 2024 update says AI-generated and enhanced fuzz targets found 26 new vulnerabilities across open-source projects. The strongest public anchor is CVE-2024-9143 in OpenSSL, which Google highlighted as one of the first LLM-discovered vulnerabilities in a critical software component.
What is not counted
The broader “26 vulnerabilities” headline is not counted as 26 CVEs in this ledger. Only the OpenSSL CVE explicitly named in the public source is counted as a CVE-backed entry.