Show HN: Fuzz Forge, vulnerability discovery with AI and fuzzing

1 hour ago 2

AI-powered workflow automation and AI Agents for AppSec, Fuzzing & Offensive Security

_{Overview
• Features
• Installation
• Quickstart
• AI Demo
• Contributing
• Roadmap}

FuzzForge helps security researchers and engineers automate application security and offensive security workflows with the power of AI and fuzzing frameworks.

Orchestrate static & dynamic analysis
Automate vulnerability research
Scale AppSec testing with AI agents
Build, share & reuse workflows across teams

FuzzForge is open source, built to empower security teams, researchers, and the community.

🚧 FuzzForge is under active development. Expect breaking changes.

If you find FuzzForge useful, please star the repo to support development 🚀

🤖 AI Agents for Security – Specialized agents for AppSec, reversing, and fuzzing
🛠 Workflow Automation – Define & execute AppSec workflows as code
📈 Vulnerability Research at Scale – Rediscover 1-days & find 0-days with automation
🔗 Fuzzer Integration – AFL, Honggfuzz, AFLnet, StateAFL & more
🌐 Community Marketplace – Share workflows, corpora, PoCs, and modules
🔒 Enterprise Ready – Team/Corp cloud tiers for scaling offensive security

Python 3.11+ Python 3.11 or higher is required.

uv Package Manager

curl -LsSf https://astral.sh/uv/install.sh | sh

Docker For containerized workflows, see the Docker Installation Guide.

Before running docker compose up, configure Docker to allow insecure registries (required for the local registry).

Add the following to your Docker daemon configuration:

{ "insecure-registries": [ "localhost:5000", "host.docker.internal:5001", "registry:5000" ] }

macOS (Docker Desktop):

Open Docker Desktop
Go to Settings → Docker Engine
Add the insecure-registries configuration to the JSON
Click "Apply & Restart"

Linux:

Edit /etc/docker/daemon.json (create if it doesn't exist):
sudo nano /etc/docker/daemon.json
Add the configuration above
Restart Docker:
sudo systemctl restart docker

After installing the requirements, install the FuzzForge CLI:

# Clone the repository git clone https://github.com/fuzzinglabs/fuzzforge_ai.git cd fuzzforge_ai # Install CLI with uv (from the root directory) uv tool install --python python3.12 .

Run your first workflow :

# 1. Clone the repo git clone https://github.com/fuzzinglabs/fuzzforge_ai.git cd fuzzforge_ai # 2. Build & run with Docker # Set registry host for your OS (local registry is mandatory) # macOS/Windows (Docker Desktop): export REGISTRY_HOST=host.docker.internal # Linux (default): # export REGISTRY_HOST=localhost docker compose up -d

The first launch can take 5-10 minutes due to Docker image building - a good time for a coffee break ☕

# 3. Run your first workflow cd test_projects/vulnerable_app/ # Go into the test directory fuzzforge init # Init a fuzzforge project ff workflow run security_assessment . # Start a workflow (you can also use ff command)

Setting up and running security workflows through the interface

👉 More installation options in the Documentation.

AI-Powered Workflow Execution

AI agents automatically analyzing code and providing security insights

We welcome contributions from the community!
There are many ways to help:

Report bugs by opening an issue
Suggest new features or improvements
Submit pull requests with fixes or enhancements
Share workflows, corpora, or modules with the community

See our Contributing Guide for details.

Planned features and improvements:

📦 Public workflow & module marketplace
🤖 New specialized AI agents (Rust, Go, Android, Automotive)
🔗 Expanded fuzzer integrations (LibFuzzer, Jazzer, more network fuzzers)
☁️ Multi-tenant SaaS platform with team collaboration
📊 Advanced reporting & analytics

👉 Follow updates in the GitHub issues and Discord.

FuzzForge is released under the Business Source License (BSL) 1.1, with an automatic fallback to Apache 2.0 after 4 years.
See LICENSE and LICENSE-APACHE for details.

Read Entire Article