Colloquium lecture: June 23, 2026, AI-Enhanced Fuzzing for Vulnerability Discovery in Embedded Power Conversion

Supervisor: Al Sardy

Image: Meeting room 04.137

Power conversion systems are critical embedded components in automotive, industrial, and renewable energy applications. Their firmware manages complex state machines, analog sensor inputs, and peripheral communication protocols under strict safety constraints. Traditional fuzzing approaches struggle with this domain because random mutations generate semantically invalid inputs that firmware immediately rejects, limiting exploration of critical execution paths.

Reaching critical firmware states requires precise input sequences in the correct order, which random exploration rarely achieves. Without runtime state visibility, fuzzers cannot distinguish repetitive testing from meaningful exploration of new logic branches. Safety constraints further complicate testing, as violations can damage hardware. No existing work systematically combines documentation-aware input generation with state exploration specifically for embedded power conversion firmware. Recent advances demonstrate that Large Language Models (LLMs) and multi-agent systems can enhance fuzzing by improving semantic awareness and test-case generation. This thesis investigates how retrieval-augmented AI agents can address these challenges by generating physically plausible inputs and systematically exploring firmware states in power conversion systems.

Research Objectives

  • Survey and analyze: state-of-the-art fuzzing approaches for embedded firmware, with emphasis on AI-enhanced and multi-agent techniques, producing a taxonomy of domain-specific challenges.
  • Design a multi-agent framework: using pre-trained language models with retrieval-augmented generation to enhance traditional fuzzing tools for embedded power conversion firmware.
  • Implement and integrate: documentation retrieval for constraint extraction, agents for input generation, peripheral emulation, and state classification, with safe testing harnesses for embedded firmware.
  • Evaluate rigorously: through benchmark comparison against established fuzzers (AFL++, libFuzzer, honggfuzz) using 30 independent trials, 24-hour campaigns, and statistical significance testing (Mann-Whitney U, A12 effect size).
  • Case study: apply the framework to Infineon power conversion firmware to demonstrate effectiveness on real-world embedded systems.
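As an added illustration of the statistical evaluation named in the last objective (not code from the announcement or the thesis), the following Python computes the Mann-Whitney U test and the Vargha-Delaney A12 effect size over two fuzzers' per-trial results; the 30-trial edge counts are constructed sample values, not measurements.

```python
"""Mann-Whitney U and Vargha-Delaney A12 for comparing two fuzzers'
per-trial results (e.g. edges covered after a 24-hour campaign)."""
import math
from collections import Counter
from typing import Sequence, Tuple


def vargha_delaney_a12(a: Sequence[float], b: Sequence[float]) -> float:
    """Probability that a trial of A beats a trial of B (ties count half).
    0.5 means no difference; 0.56/0.64/0.71 are the usual small/medium/large cuts."""
    wins = sum((x > y) + 0.5 * (x == y) for x in a for y in b)
    return wins / (len(a) * len(b))


def mann_whitney_u(a: Sequence[float], b: Sequence[float]) -> Tuple[float, float, float]:
    """Two-sided Mann-Whitney U test (normal approximation, tie-corrected).
    Returns (U for sample a, z statistic, p-value)."""
    n1, n2 = len(a), len(b)
    n = n1 + n2
    u1 = vargha_delaney_a12(a, b) * n1 * n2  # U_a = n1 * n2 * A12 by definition
    tie_sizes = Counter(list(a) + list(b)).values()
    tie_term = sum(t ** 3 - t for t in tie_sizes) / (n * (n - 1))
    sigma = math.sqrt(n1 * n2 / 12 * ((n + 1) - tie_term))
    if sigma == 0:  # every observation identical: no evidence either way
        return u1, 0.0, 1.0
    z = (u1 - n1 * n2 / 2) / sigma
    p = math.erfc(abs(z) / math.sqrt(2))
    return u1, z, p


# Constructed per-trial edge counts for two hypothetical 30-trial campaigns.
FUZZER_A = [1500 + 9 * (i % 7) + 3 * i for i in range(30)]
FUZZER_B = [1440 + 11 * (i % 5) + 3 * i for i in range(30)]

if __name__ == "__main__":
    a12 = vargha_delaney_a12(FUZZER_A, FUZZER_B)
    u, z, p = mann_whitney_u(FUZZER_A, FUZZER_B)
    print(f"A12={a12:.3f}  U={u:.1f}  z={z:.2f}  p={p:.4f}")
```

Report A12 alongside the p-value: with 30 trials per arm a tiny coverage gain can be statistically significant yet practically negligible, and A12 makes that distinction visible.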


Room 04.137, Martensstr. 3, Erlangen

or

Zoom-Meeting:
https://fau.zoom-x.de/j/68350702053?pwd=UkF3aXY0QUdjeSsyR0tyRWtLQ0hYUT09

Meeting-ID: 683 5070 2053
Code: 647333