
SOK LLM-Enhanced Fuzzing for Vulnerability Detection

Supervisor(s): Marius Momeu, Manuel Andreas
Status: finished
Topic: Others
Author: Alexiy Zhandarov
Submission: 2025-06-02
Type of Thesis: Bachelor thesis

Description

The recent emergence of large language models (LLMs) has introduced new opportunities
in software testing, particularly in the automation of tasks that traditionally required
human-crafted components such as inputs, grammars, and test drivers. This thesis
systematically explores the integration of LLMs into fuzzing workflows, a process
known as LLM-enhanced or LLM-based fuzzing. Covering 20 state-of-the-art papers
published between 2023 and early 2025, this work categorizes LLM applications into
four core roles: initial seed generation, seed/input mutation, driver/generator and analysis
assistance, and full-pipeline integration. Through this taxonomy, the thesis identifies
trends in model usage, effectiveness in increasing code coverage and bug discovery,
and the growing reliance on modular, feedback-driven architectures. While results
show clear improvements in several areas, challenges remain. Drawing from both
academic literature and practitioner surveys, this thesis highlights the strengths and
shortcomings of current approaches, and contributes a practical recreation of one of the
evaluated techniques to test its performance under real-world constraints. The thesis
concludes with a discussion of future directions for LLM-assisted fuzzing and its role
in scalable, intelligent vulnerability discovery.