|
By Peter Samarin
Daniel Pouzzner from wolfSSL has challenged us to find 3 more vulnerabilities in the wolfSSL library, after we found the first one in October 2024. We weren't quite able to find three, but here are the additional two that we found: Both vulnerabilities were fixed in wolfSSL version 5.8.0, released on 24 April 2025. The fuzz tests that found these vulnerabilities were generated by our AI Test Agent.
|
By Natalia Kazankova
If you recognize the benefits that fuzz testing can bring to your software security but are new to it, read on. In this blog post, you’ll learn what you need to consider before implementing fuzz testing in your company to ensure a smooth and successful adoption. So, you’ve chosen the light side and decided to find and fix bugs in your code before they become a problem. Well done, and congrats!
|
By Natalia Kazankova
An automotive supplier employs static analysis and Code Intelligence's Fuzz Testing to assess software within a separate business unit. The project comprises 10 million lines of C code, adhering to Classic AUTOSAR standards.
|
By Natalia Kazankova
Memory safety vulnerabilities remain among the most widespread and exploited security issues. They occur in C and C++ projects, which are widely used across embedded systems, including automotive, medical devices, and avionics. Read on to learn why they can happen and how to prevent them.
|
By Natalia Kazankova
The MDR came into full effect in 2021, but many devices are still certified under MDD and will need to transition. As a result, Europe is facing a period of regulatory limbo. The MDR outlines what manufacturers must achieve but not how to do it, creating a gap between regulatory intent and practical implementation. To help bridge this gap, manufacturers rely on.
|
By Markus Zoppelt
A dynamic stack buffer overflow vulnerability in the Abseil C++ library (abseil-cpp) was autonomously identified through AI-enhanced fuzz testing using CI Fuzz’s AI Test Agent and has been fully addressed with a patch. This post dives into the vulnerability, its discovery, and its implications for systems relying on this widely-used library.
|
By Markus Zoppelt
A critical heap buffer overflow vulnerability in the AWS C Common library was discovered autonomously through an AI-automated fuzz testing solution, CI Fuzz, and has been fully addressed with a patch. In this post, we explore the vulnerability and its potential impact on embedded systems.
|
By Natalia Kazankova
C and C++ programming are notorious for being bug-prone. Let’s look at the most dangerous software weaknesses in 2024 that are relevant for C and C++, so that you know what type of issues to test your code against in 2025. We examined the 2024 CWE Top 25 Most Dangerous Software Weaknesses list developed by Common Weakness Enumeration (CWE) and identified weaknesses relevant to C/C++. These weaknesses can become vulnerabilities. We explained how they occur and how you can uncover them.
|
By Natalia Kazankova
In 2025, fuzz testing has become an essential practice for ensuring software security and reliability. By identifying vulnerabilities through randomized input testing, fuzzing helps development teams uncover bugs that traditional testing methods—such as static analysis and penetration testing—often miss. With rapid advancements in security tools, let’s explore the top fuzz testing tools of 2025, their key features, benefits, and how they compare.
|
By Natalia Kazankova
We’re thrilled to announce the general availability of Spark, an AI Test Agent that lowers the entry barrier to white-box fuzz testing. In this blog, we explain how Spark works and share the main results from its beta testing that prove its effectiveness.
|
By Code Intelligence
Demo: AI Test Agent in Action Discover the benefits of CI Fuzz 2.0, our powerful tool that simplifies fuzzing to a single command. The demo will also highlight root cause analysis capabilities, showcasing how vulnerabilities can be identified and addressed efficiently, this demo will uncover several real-world severe vulnerabilities uncovered by AI Test Agent in widely used open-source libraries during the past few months.
|
By Code Intelligence
Introducing “Spark” Code Intelligence’s AI Test Agent Fuzz testing is a proven powerhouse for uncovering critical bugs, yet its full potential often goes untapped due to the heavy manual workload it demands. But what if that effort could be a thing of the past? Enter “Spark” Code Intelligence’s AI Test Agent—a revolutionary solution that automates the discovery of vulnerabilities, bringing the power of advanced security testing, like fuzzing, into reach for all.
|
By Code Intelligence
Despite wolfSSL’s rigorous software testing practices, in October 2024, Code Intelligence—an application security vendor—discovered a potentially exploitable defect in wolfSSL. Remarkably, the potential vulnerability was found without human intervention. The only manual step was executing a single command to trigger autonomous fuzz testing. Watch the video for a live demo of AI-automated fuzzing.
|
By Code Intelligence
A few weeks ago, we introduced Spark, an AI Test Agent that autonomously uncovers bugs in unknown code with just a single command. Watch the video to see how Spark generated 3 successful fuzz tests, identified a severe vulnerability, and achieved 79% code coverage with just one command. Spark has already identified several real-world vulnerabilities in open-source projects, even those that are continuously fuzzed.
|
By Code Intelligence
Testing Classic AUTOSAR applications has long been a significant challenge due to the reliance on hardware-in-the-loop (HiL) setups, which are costly, complex, and hard to scale. In this free webinar, Khaled Yakdan explains how a Tier-1 automotive supplier implemented Code Intelligence’s AUTOSAR simulator and enabled Software-in-the-Loop testing. Dr. Khaled Yakdan, Chief Product Officer, of Code Intelligence, also explains how this approach helps catch more critical bugs that can be accessed externally, speeds up security testing, and reduces hardware dependency.
|
By Code Intelligence
In previous videos, you've seen that LLM can generate fuzz tests. But what if AI fails to produce a working test or to cover specific workflows that are unavailable as unit tests or usage examples in the code base? You can prompt AI to make changes. Here is how the "Interactive mode" works in CI Fuzz.
|
By Code Intelligence
After generating fuzz tests with LLMs, the next important step is verifying that these tests are of high quality and ensuring they run and work as intended. CI Fuzz can now automatically build the generated fuzz test, run it, and perform a health check to assess its quality and refine it further if it doesn't pass the health check. Watch the video to see it in action.
|
By Code Intelligence
Creating high-quality fuzz tests is essential for efficient fuzz testing. However, crafting these tests is a time-consuming, manual process, which has become a major barrier to the widespread adoption of fuzz testing. Watch the video to see how CI Fuzz can automatically generate high-quality fuzz tests by leveraging LLMs and static analysis.
|
By Code Intelligence
The first step to start fuzzing is to identify what part of the software you want to fuzz. You definitely want to fuzz the most critical functions/APIs—those that exercise a significant amount of code and trigger key functionalities. However, manually identifying these targets can be time-consuming and challenging. Watch the video to see how CI Fuzz can automatically prioritize functions for fuzzing.
|
By Code Intelligence
If you want to automate your code analysis to identify the best fuzzing targets, you can do so with CI Fuzz. In the previous video, Khaled demonstrated how CI Fuzz automatically prioritized functions to test. But what if you already have unit or fuzz tests? CI Fuzz can analyze an LCOV coverage report and identify less-covered functions. These functions will now receive higher scores, highlighting them as top targets for new tests.
- June 2025 (1)
- May 2025 (1)
- April 2025 (3)
- March 2025 (3)
- February 2025 (4)
- January 2025 (6)
- December 2024 (5)
- November 2024 (4)
- October 2024 (3)
- September 2024 (3)
- August 2024 (4)
- July 2024 (2)
- June 2024 (1)
- May 2024 (4)
- April 2024 (4)
- March 2024 (3)
- February 2024 (1)
- January 2024 (2)
- December 2023 (1)
- October 2023 (2)
- September 2023 (3)
- August 2023 (4)
- July 2023 (3)
- June 2023 (1)
- May 2023 (2)
- April 2023 (8)
- March 2023 (10)
- February 2023 (8)
- January 2023 (6)
- December 2022 (11)
- November 2022 (14)
- October 2022 (13)
- September 2022 (10)
- August 2022 (2)
- June 2022 (2)
- May 2022 (1)
- April 2022 (1)
- February 2022 (2)
- January 2022 (2)
- December 2021 (9)
Code Intelligence leverages the best of static and dynamic application security technologies, including advanced fuzz testing, to achieve maximum code coverage without false-positives.
Code Intelligence enables companies to simplify their software testing processes. Our solution - the CI Security Suite - enhances security testing efficiency for experts and enables developers without IT security expertise to perform continuous automated security and reliability tests. In this way, the development process can be accelerated and continuous quality management can be realized.
Secure Your Code With Each Pull Request:
- Choose Your Tech Stack: Code Intelligence can be integrated into all your favorite build systems, IDEs, ticket systems, issue trackers, and CI/CD tools.
- Set Up Fuzz Tests in Minutes: Through automated instrumentation and endpoint detection, Code intelligence makes fuzzing as simple as writing Unit Tests. No need to write fuzz targets or test harnesses.
- Scan Applications Continuously: Our platform features runtime error detection, advanced REST and gRPC API tests, and reliable OWASP vulnerability detectors. You can configure Code Intelligence to run security tests every night, or at each pull request.
- Reproduce Your Findings: Our easy-to-use GitHub integration and debugging features enable you to reproduce all findings without false-positives. Each error message comes with detailed input data, stack trace, and log documentation which can be easily shared with the team.
- Prioritize Security Issues: Our user-friendly dashboard classifies bug reports and vulnerabilities based on severity, so you have everything you need to come up with a well-informed decision on how to proceed with a finding. Manage findings directly within in your IDE or feed them straight into your favorite ticketing systems, and issue trackers.
Find, Triage, and Fix Security Issues at Scale .