Research-oriented Cybersecurity startup specializing in #fuzzing, Vulnerability Research & Offensive security on Mobile, Browser, AI/LLM, Network & Blockchain.
Joined August 2020
- Tweets 816
- Following 3,687
- Followers 9,049
- Likes 757
295 Photos and videos
Pinned Tweet
30 Oct 2025
💥 We’ve just raised €1M in pre-seed funding to accelerate the development of FuzzForge.
When I started FuzzingLabs, everything was bootstrapped: our audits, our trainings, our R&D.
No investors, no funding. Just a passionate team obsessed with offensive security and the belief that we could build something different.
Three years later, we’re 30 and we are now entering a new chapter.
This funding will allow us to:
- accelerate the open-source development of FuzzForge,
- build its marketplace of agents and workflows,
- and expand the SaaS version to automate vulnerability research at scale.
A huge thanks to @class_lambda and @ergodicgroup for their strategic support and trust in our vision:
--> making offensive security more intelligent, collaborative, and automated.
FuzzForge is already open source and under active development.
You can check it out here:
🔗 github.com/FuzzingLabs/fuzzf…
5
40
270
20,376
Jun 2
Excited to be there end of the year !!
Looking forward to show to the community what we have build with fuzzforge, our ai agents orchestration platform for embedded security !
Jun 2
Excited to welcome @FuzzingLabs as an Exhibit Sponsor for Hardwear.io Netherlands 2026. 🚀
Looking forward to having their team and research expertise.
Registrations & CFPs now live: hardwear.io/nl-2026/cfp/?utm…
#HardwearNL2026 #ExhibitSponsor
1
1
5
1,418
Jun 1
🚀 FuzzingLabs has joined the OVHcloud Startup Program.
This will help us scale #FuzzForge, our platform orchestrating specialized AI agents for continuous offensive validation on firmware, binaries, and embedded systems, on sovereign European cloud infrastructure.
Aligned with what our customers in defense, industrial, and critical sectors need: sovereign, European & CRA-ready by design.
Thanks to the OVHcloud team for the support.
#Cybersecurity #AI #SovereignCloud #OVHcloud #FuzzForge
3
16
1,186
May 26
🚀 FuzzingLabs is now part of the @NVIDIA Inception Program!
We're building FuzzForge, our AI agents platform leveraging GPU infrastructure for Continuous Offensive Validation on firmware, binaries & embedded systems.
Scaling fine-tuned Qwen, Gemma & DeepSeek for offensive security. 🔥
#NVIDIAInception #AI #Cybersecurity
3
42
2,405
May 25
We have been selected to join the Cyber Defense Factory, a program run by the French Ministry of Armed Forces.
This is a concrete validation of what we've been building with FuzzForge and a chance to test it on defense-grade use cases, working directly with DGA teams.
Six months of hands-on work, real targets, real feedback from people who know exactly what vulnerability detection security tools need to deliver.
Thank you to @DGA - Direction générale de l'armement, COMCYBER and the Agence de l'innovation de défense for making this possible.
Excited for what's ahead. 🔥
9
29
2,947
May 19
Last week at @offensive_con 2026, @_Noiche and @Pat_Ventuzelo presented "Navigating the MTE Landscape: iOS Memory Protection Deep Dive"
A tour through Apple's MIE: (E)MTE internals, XNU integration, kernel zalloc tagging policy, and the new XZone malloc in userland.
Slides 👇
fuzzinglabs.com/wp-content/u…
#OffensiveCon #iOS #MTE
1
32
132
19,435
May 11
We got the email too.
We had a working RCE on Oracle Autonomous AI Database ready to demonstrate live at #Pwn2Own Berlin next week. ZDI confirmed they're at maximum capacity and can't add extra contest days.
AI is now generating offensive capability faster than the institutions built to process it can keep up.
We'll be in Berlin May 14-16 regardless. The conversations there will be really interesting!
‼️🚨 Pwn2Own Berlin 2026 just hit a wall. For the first time in 19-years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots.
Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own's usual secrecy.
▪️ AI surfaces a massive wave of 0-day RCEs.
▪️ Submissions overwhelm ZDI past max capacity.
▪️ Slots run out. Researchers with working chains get rejected.
▪️ "Revenge disclosures" begin. ← we are here.
Confirmed casualties so far:
▪️ @xchglabs : 86 vulnerabilities prepared (PyTorch, NVIDIA, Linux KVM, Oracle, Docker, Ollama, Chroma, LiteLLM, llama.cpp). All rejected. Now reporting directly to vendors with writeups dropping as patches land.
▪️ @ggwhyp : full-chain Firefox RCE on Windows. Rejected. Publicly demoed (HTML page → cmd.exe → calc.exe). Responsibly disclosed to Mozilla.
▪️ @yunsu_dev : working RCE chain, rejected. Submitting elsewhere.
▪️ @ryotkak : tried to register for 3 weeks. ZDI confirmed "at maximum capacity, can't add extra contest days." Considered canceling flight and hotel.
▪️ @anzuukino2802 : Claude Code RCE PoC. Rejected.
▪️ @desckimh : 0-day RCEs in Ollama and LM Studio. Rejected.
Reported impact: a community-estimated 150 researchers tried to register. Accepted contestants are now being warned about collisions. Rejected vulnerabilities going to bug bounty programs may trigger pre-event patches that invalidate the work of those who got in.
ZDI has not publicly addressed the capacity issue. The event still runs May 14-16 in Berlin.
3
34
241
44,795
May 7
Our team found a Poseidon hash collision in Solana's Agave VM crypto syscall.
Two distinct byte inputs → same field element → same Poseidon output. Affects both Agave and Firedancer via implicit padding paths.
Full write-up:
fuzzinglabs.com/solana-agave…
Good job by @Ectari0
3
14
68
5,529
May 6
New training is live: Reversing Modern Binaries - Practical Rust & Go Analysis
4 days, hands-on, built from real malware (Luca Stealer & others).
Battle-tested at POC & REcon.
🎟️ Launch -20% with REVERSE20
Prefer in-person? See you at REcon Montreal 🇨🇦
👉 academy.fuzzinglabs.com/reve…
2
13
1,580
May 5
New blog post: exploring NVIDIA’s open-source GPU drivers.
Kernel modules, IOCTL attack surface, mmap primitives, UVM internals, and CPU↔GPU interactions (pushbuffers → firmware).
Not just graphics: a large, exposed kernel surface.
fuzzinglabs.com/exploring-nv…
30
94
5,831
Apr 16
We reproduced and analyzed CVE-2026-23111, a Linux kernel vulnerability in nftables that led to a use-after-free which we leveraged to achieve local privilege escalation.
Full write-up:
fuzzinglabs.com/repro-cve-20…
2
18
60
4,124
Apr 16
We also share how we managed to exploit it:
- which structures we sprayed to reclaim the freed memory
- how we obtained leaks and an arbitrary read primitive
- how we hijacked the control flow to achieve local privilege escalation on a production kernel
1
1
520
Apr 16
If you're working on:
- kernel security
- fuzzing strategies
- exploit development
this case is a solid example of real-world bug anatomy.
Full analysis:
fuzzinglabs.com/repro-cve-20…
1
1
377
Mar 16
🏴☠️ Proud to sponsor @ph0wn CTF 2026 this weekend including the Skull Island badges!
Amazing hardware/IoT CTF as always. Big thanks to @cryptax and the whole team for the incredible challenges.
ph0wn.org 🐊
#Ph0wnCTF #CTF #IoTSecurity #HardwareSecurity
1
6
20
1,758
Feb 19
🚀 New training live: Masterclass – Scapy for Offensive Security
Learn how to:
• Craft & manipulate packets
• Build & fuzz a DNS server
• Do differential fuzzing
• Reproduce real CVEs
• Analyze parsing & overflow bugs
Hands-on. Offensive. Practical.
Enroll 👇
academy.fuzzinglabs.com/mast…
8
45
2,866
Feb 16
We just rewrote FuzzForge from scratch and open-sourced it.
Old: Temporal MinIO workers backend. Heavy.
New: CLI MCP server containerized modules. Zero infra.
🖥️ Runs fully local
🧠 Plug your favorite LLM (Copilot, Claude, local models…)
🔗 AI agents orchestrate full security pipelines via MCP
Demo: 4 modules, 3 min, 994 crashes → 3 unique bugs.
AI-native security research.
github.com/FuzzingLabs/fuzzf…
4
29
183
10,976
Feb 10
🇨🇦 FuzzingLabs at @reconmtl Montréal 2026!
This June, we’re delivering 3 advanced, hands-on trainings at REcon:
🦀 Rust Development for Cyber Security
🔍 Reversing Modern Rust & Go Binaries
📡 Attacking Real-World IoT & Embedded Devices
📅 June 15–18, 2026
🔗 recon.cx/2026/en/index.html
Deep technical content. Real-world targets. No fluff.
See you in Montréal 👋
3
22
2,310
Feb 3
We won our entry at #Pwn2Own Automotive 🏆
🎯 Target: Phoenix Contact CHARX SEC-3150
🔓 Auth bypass priv esc
💰 $20,000
⭐ 4 Master of Pwn points
Congrats to Julien & the team.
Thanks to @thezdi
#Pwn2Own #Infosec #AutomotiveSecurity
1
8
80
4,856