How AI is redefining fuzz testing for automotive software

In a July 2025 episode of the "Empowering Tomorrow's Automotive Software" podcast, host Zane Pelletier, service manager for Enterprise and ICS Security Services in the Americas at ETAS, and guest Irina Nicolae, a research scientist with the Bosch Center for Artificial Intelligence, discussed the use of AI in embedded fuzz testing for automotive modules.

The podcast highlights that AI-guided fuzz testing is a promising approach for improving the efficiency and effectiveness of automotive cybersecurity testing. We’ve highlighted some of the topics included in the discussion in this article – you can hear the full episode here or wherever you listen to podcasts (e.g., Spotify, Apple Podcasts, Amazon Music, iHeart Radio, etc.)

What is Embedded Fuzz Testing?

Fuzz testing is a cybersecurity technique that involves sending carefully crafted, pseudo-randomized inputs to a device's interfaces to identify software or hardware bugs. The goal is to monitor for adverse events, including a failure to respond, a watchdog timer trigger, or other conditions that could signal a security issue or a safety-critical flaw.

Unlike fuzz testing for traditional IT software, testing embedded devices in vehicles presents unique challenges. These devices, such as those for braking or powertrain control, are often safety critical. In addition, many of the communication protocols are proprietary and not well documented, making the process of finding bugs similar to finding a needle in a haystack. Furthermore, each controller is different, requiring testers to start from scratch with each new test. The pseudo-random nature of fuzz testing is not efficient and requires significant time and hardware resources.

ETAS offers a solution, CycurFUZZ, that improves the robustness and cyber resilience of your automotive systems throughout the development and validation process. CycurFUZZ uncovers 66-600% more safety-related vulnerabilities and undetected software defects than other available tools.

The Role of AI in Improving Fuzz Testing

The idea of using AI came from the realization that similar bugs were repeatedly being found across different modules and even across different suppliers. To overcome the inefficiencies of traditional fuzzing, Zane Pelletier and his team, in collaboration with the Bosch Center for Artificial Intelligence decided to try training a machine learning model to be aware of historical issues and understand the threat model for vehicle networks

The podcast elaborates on the project, explaining that the team used a transformer-based model, similar to those used in large language models (LLMs). The model was not trained to simply generate new test cases randomly, but to predict the next bytes in a data sequence based on the input stream, allowing it to generate more intelligent test cases that were more likely to find a bug.

The project's success was heavily dependent on the quality of the training data. The team learned that using real-world traffic data was critical, as it gave the model a more accurate understanding of what "normal" network traffic looks like, which is essential for identifying anomalies. The importance of the fine-tuning phase was also highlighted, as this step allowed the team to adapt the model to specific modules and communication protocols, further increasing its effectiveness.

The most common failure discovered through this process is a denial of service (DoS), which renders the module unresponsive to other parts of the vehicle's network. This is particularly dangerous in automotive networks, where modules are expected to respond in milliseconds. Other failures include crashing the communication stack or bypassing security authentication on a module.

By leveraging AI, the traditional inefficiencies of embedded fuzz testing are being overcome. This project and collaboration demonstrate a successful, data-driven approach that moves beyond pseudo-random inputs to intelligently target potential vulnerabilities. This method represents a significant step forward in securing the increasingly complex and connected vehicles of the future.