💥 We’ve just raised €1M in pre-seed funding to accelerate the development of FuzzForge.
When I started FuzzingLabs, everything was bootstrapped: our audits, our trainings, our R&D.
No investors, no funding. Just a passionate team obsessed with offensive security and the belief that we could build something different.
Three years later, we’re 30 and we are now entering a new chapter.
This funding will allow us to:
- accelerate the open-source development of FuzzForge,
- build its marketplace of agents and workflows,
- and expand the SaaS version to automate vulnerability research at scale.
A huge thanks to @class_lambda and @ergodicgroup for their strategic support and trust in our vision:
--> making offensive security more intelligent, collaborative, and automated.
FuzzForge is already open source and under active development.
You can check it out here:
🔗 https://t.co/cfAqPPV1Fw
Excited to be there at the end of the year!!
Looking forward to showing the community what we have built with FuzzForge, our AI agents orchestration platform for embedded security!
Excited to welcome @FuzzingLabs as an Exhibit Sponsor for https://t.co/PVi7u42ZZR Netherlands 2026. 🚀
Looking forward to having their team and research expertise.
Registrations & CFPs now live: https://t.co/MVMcy6c0SF
#HardwearNL2026 #ExhibitSponsor
🚀 FuzzingLabs has joined the OVHcloud Startup Program.
This will help us scale #FuzzForge, our platform orchestrating specialized AI agents for continuous offensive validation on firmware, binaries, and embedded systems, on sovereign European cloud infrastructure.
Aligned with what our customers in defense, industrial, and critical sectors need: sovereign, European & CRA-ready by design.
Thanks to the OVHcloud team for the support.
#Cybersecurity #AI #SovereignCloud #OVHcloud #FuzzForge
🚀 FuzzingLabs is now part of the @NVIDIA Inception Program!
We're building FuzzForge, our AI agents platform leveraging GPU infrastructure for Continuous Offensive Validation on firmware, binaries & embedded systems.
Scaling fine-tuned Qwen, Gemma & DeepSeek for offensive security. 🔥
#NVIDIAInception #AI #Cybersecurity
We have been selected to join the Cyber Defense Factory, a program run by the French Ministry of Armed Forces.
This is a concrete validation of what we've been building with FuzzForge and a chance to test it on defense-grade use cases, working directly with DGA teams.
Six months of hands-on work, real targets, real feedback from people who know exactly what vulnerability detection security tools need to deliver.
Thank you to @DGA - Direction générale de l'armement, COMCYBER and the Agence de l'innovation de défense for making this possible.
Excited for what's ahead. 🔥
Last week at @offensive_con 2026, @_Noiche and @Pat_Ventuzelo presented "Navigating the MTE Landscape: iOS Memory Protection Deep Dive"
A tour through Apple's MIE: (E)MTE internals, XNU integration, kernel zalloc tagging policy, and the new XZone malloc in userland.
Slides 👇
https://t.co/Q9hZgBgrJf
#OffensiveCon #iOS #MTE
We got the email too.
We had a working RCE on Oracle Autonomous AI Database ready to demonstrate live at #Pwn2Own Berlin next week. ZDI confirmed they're at maximum capacity and can't add extra contest days.
AI is now generating offensive capability faster than the institutions built to process it can keep up.
We'll be in Berlin May 14-16 regardless. The conversations there will be really interesting!
‼️🚨 Pwn2Own Berlin 2026 just hit a wall. For the first time in 19 years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots.
Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own's usual secrecy.
▪️ AI surfaces a massive wave of 0-day RCEs.
▪️ Submissions overwhelm ZDI past max capacity.
▪️ Slots run out. Researchers with working chains get rejected.
▪️ "Revenge disclosures" begin. ← we are here.
Confirmed casualties so far:
▪️ @xchglabs : 86 vulnerabilities prepared (PyTorch, NVIDIA, Linux KVM, Oracle, Docker, Ollama, Chroma, LiteLLM, llama.cpp). All rejected. Now reporting directly to vendors with writeups dropping as patches land.
▪️ @ggwhyp : full-chain Firefox RCE on Windows. Rejected. Publicly demoed (HTML page → cmd.exe → calc.exe). Responsibly disclosed to Mozilla.
▪️ @yunsu_dev : working RCE chain, rejected. Submitting elsewhere.
▪️ @ryotkak : tried to register for 3+ weeks. ZDI confirmed "at maximum capacity, can't add extra contest days." Considered canceling flight and hotel.
▪️ @anzuukino2802 : Claude Code RCE PoC. Rejected.
▪️ @desckimh : 0-day RCEs in Ollama and LM Studio. Rejected.
Reported impact: a community-estimated 150+ researchers tried to register. Accepted contestants are now being warned about collisions. Rejected vulnerabilities going to bug bounty programs may trigger pre-event patches that invalidate the work of those who got in.
ZDI has not publicly addressed the capacity issue. The event still runs May 14-16 in Berlin.
Our team found a Poseidon hash collision in Solana's Agave VM crypto syscall.
Two distinct byte inputs → same field element → same Poseidon output. Affects both Agave and Firedancer via implicit padding paths.
Full write-up:
https://t.co/zYoJaGdeUE
Good job by @Ectari0
New training is live: Reversing Modern Binaries - Practical Rust & Go Analysis
4 days, hands-on, built from real malware (Luca Stealer & others).
Battle-tested at POC & REcon.
🎟️ Launch -20% with REVERSE20
Prefer in-person? See you at REcon Montreal 🇨🇦
👉 https://t.co/GLdOBfKqnR
If you're working on:
- kernel security
- fuzzing strategies
- exploit development
this case is a solid example of real-world bug anatomy.
Full analysis:
https://t.co/cc0kG97fmK
We reproduced and analyzed CVE-2026-23111, a Linux kernel vulnerability in nftables that led to a use-after-free which we leveraged to achieve local privilege escalation.
Full write-up:
https://t.co/cc0kG97fmK
We also share how we managed to exploit it:
- which structures we sprayed to reclaim the freed memory
- how we obtained leaks and an arbitrary read primitive
- how we hijacked the control flow to achieve local privilege escalation on a production kernel
🏴‍☠️ Proud to sponsor @ph0wn CTF 2026 this weekend including the Skull Island badges!
Amazing hardware/IoT CTF as always. Big thanks to @cryptax and the whole team for the incredible challenges.
https://t.co/ZtHWjaNlkc 🐊
#Ph0wnCTF #CTF #IoTSecurity #HardwareSecurity
🚀 New training live: Masterclass – Scapy for Offensive Security
Learn how to:
• Craft & manipulate packets
• Build & fuzz a DNS server
• Do differential fuzzing
• Reproduce real CVEs
• Analyze parsing & overflow bugs
Hands-on. Offensive. Practical.
Enroll 👇
https://t.co/q4lqKNQRqo
We just rewrote FuzzForge from scratch and open-sourced it.
Old: Temporal + MinIO + workers + backend. Heavy.
New: CLI + MCP server + containerized modules. Zero infra.
🖥️ Runs fully local
🧠 Plug your favorite LLM (Copilot, Claude, local models…)
🔗 AI agents orchestrate full security pipelines via MCP
Demo: 4 modules, 3 min, 994 crashes → 3 unique bugs.
AI-native security research.
https://t.co/cfAqPPV1Fw
🇨🇦 FuzzingLabs at @reconmtl Montréal 2026!
This June, we’re delivering 3 advanced, hands-on trainings at REcon:
🦀 Rust Development for Cyber Security
🔍 Reversing Modern Rust & Go Binaries
📡 Attacking Real-World IoT & Embedded Devices
📅 June 15–18, 2026
🔗 https://t.co/RQnWfG2RJK
Deep technical content. Real-world targets. No fluff.
See you in Montréal 👋
We won our entry at #Pwn2Own Automotive 🏆
🎯 Target: Phoenix Contact CHARX SEC-3150
🔓 Auth bypass + priv esc
💰 $20,000
⭐ 4 Master of Pwn points
Congrats to Julien & the team.
Thanks to @thezdi #Pwn2Own #Infosec #AutomotiveSecurity