Here to share more about the design of our vibe-only code fuzzer and how it found its first 0day. Putting the "LUCK" factor aside, our fuzzer uses the same method as the legendary Google JS-fuzzer, with some advantages provided by AI, which performs various crucial tasks in the fuzzing workflow:
- Coverage improvement;
- Code-snippet extraction;
- Mutation-plugin development;
- Minimization and 0x41-violation hunting.
You may wonder why JS-fuzzer, when Fuzzilli seems more popular and famous. That is rooted in our experience with vibe coding (from Smart Tab to Cursor, and now the Claude Code era). To us, AI is still terrible at large and complex code bases, so Fuzzilli is not something we should vibe-code against; on the contrary, the JS-fuzzer methodology is far more AI-approachable. It takes existing test cases from a large corpus, then inserts several random snippets from the snippet DB (itself extracted from the corpus). Finally, it tweaks the code using several mutators, each focused on a specific pattern.
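As an added illustration of that three-step workflow (constructed here; it is neither our fuzzer nor Google's js-fuzzer), a deterministic Node.js toy: the three-case corpus, the seeded PRNG and the two mutators are assumptions, and statements are split on newlines where the real tool manipulates Babel ASTs.

```javascript
const CORPUS = [ // constructed sample test cases standing in for a real corpus
  "var a = [1, 2, 3];\na.length = 0;\nprint(a[0]);",
  "function f(x) { return x + 1; }\nfor (var i = 0; i < 10; i++) f(i);",
  "var o = {x: 1};\nObject.freeze(o);\no.x = 2;",
];
// mulberry32: small seedable PRNG so a run is reproducible from its seed,
// which matters once you need to minimize an interesting test case.
function makeRng(seed) {
  let s = seed >>> 0;
  return () => {
    s = (s + 0x6d2b79f5) >>> 0;
    let t = Math.imul(s ^ (s >>> 15), s | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}
// Step 1: the snippet DB is extracted from the corpus itself (one statement per line).
function extractSnippets(corpus) {
  return corpus.flatMap((tc) => tc.split("\n").map((l) => l.trim()).filter(Boolean));
}
// Step 2: splice `count` random DB snippets into random statement boundaries.
function insertSnippets(testCase, db, count, rng) {
  const lines = testCase.split("\n");
  for (let k = 0; k < count; k++) {
    const snippet = db[Math.floor(rng() * db.length)];
    lines.splice(Math.floor(rng() * (lines.length + 1)), 0, snippet);
  }
  return lines.join("\n");
}
// Step 3: mutators, each aimed at one pattern, applied in order.
const MUTATORS = [
  // Integer literals -> boundary values that stress Smi/double transitions.
  (src, rng) => src.replace(/\b\d+\b/g, () =>
    ["-1", "0", "1073741824", "4294967295", "1.5"][Math.floor(rng() * 5)]),
  // Wrap one random statement in a hot loop so the engine tiers it up.
  (src, rng) => {
    const lines = src.split("\n");
    const k = Math.floor(rng() * lines.length);
    lines[k] = `for (let __j = 0; __j < 1e4; __j++) { ${lines[k]} }`;
    return lines.join("\n");
  },
];
// One iteration: pick a corpus case, insert snippets, then run every mutator.
function generate(seed, insertCount = 2) {
  const rng = makeRng(seed);
  const db = extractSnippets(CORPUS);
  const base = CORPUS[Math.floor(rng() * CORPUS.length)];
  return MUTATORS.reduce((s, m) => m(s, rng), insertSnippets(base, db, insertCount, rng));
}
```

Calling `generate(seed)` in a loop with increasing seeds gives a reproducible stream of candidates; feeding them to a debug build and triaging the crashes is the part the post's AI components take over.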