HeadlinesBriefing.com

FuzzingBrain V2 Uses LLMs to Spot Zero‑Day Bugs with 90% Accuracy

Hacker News

FuzzingBrain V2 launches as a multi‑agent LLM system aimed at automating vulnerability discovery. Built on Google OSS‑Fuzz, it guarantees that every reported flaw can be reproduced by a fuzzer. The project tackles three longstanding LLM gaps: high false‑positive rates, coarse granularity, and difficulty reasoning about cross‑function bugs.

Its core innovations include Suspicious Point, a control‑flow abstraction that pinpoints defects at the optimal granularity, and a logic‑driven hierarchical function analysis that layers fuzzing to boost coverage when resources are scarce. The system also couples static and dynamic tools through MCP‑based context engineering to handle intricate triggering conditions.

On the AIxCC 2025 Final Competition C/C++ dataset, FuzzingBrain V2 achieved a 90% detection rate, finding 36 of 40 known vulnerabilities. In production, the tool uncovered 29 zero‑day flaws across 12 open‑source projects, all of which were patched and received CVE identifiers.

These results demonstrate that combining LLM reasoning with rigorous fuzzing and fine‑grained control‑flow analysis can close the gap between automated detection and human‑verified fixes. By delivering reproducible, low‑false‑positive reports, FuzzingBrain V2 offers security teams a practical weapon against the growing tide of software bugs.