tags:llmfuzzingstatic_analysisdynamic_analysisai original link: Winning the AIxCC Qualification Round newsletter link: exploits.club Weekly Newsletter 40 - iOS Kernel Exploitation, CET Bypasses, Elgato Hardware Repair, And More
Exploits Club Summary:
Last month, Theori took first place at the AIxCC qualification round, securing their spot in the 2025 finals. The team put out a brief blog post documenting their experience thus far, and giving a small peek at how they approached the competition. The post starts with a background on AIxCC, discussing the purpose of the competition, types of challenges, and ways to earn points. It then takes a look at the teams technical approach, both for finding bugs and patching them. The team highlights their use of traditional static and dynamic analysis tools, and how they are paired with custom LLM agents. Naturally, there are a handful of challenges associated Theori discusses such as LLM hallucinations when writing a patch. Overall, while they clearly are keeping some cards close to the vest for the finals next year, it was nice to hear a bit more about their general approach to the problem space.