This work addresses the high cost of manually crafting domain-specific fuzzing generators and the limited state-space coverage of generic approaches. The authors propose an intelligent agent framework powered by large language models that automatically synthesizes target-oriented input generators by interacting with a terminal and analyzing source code. The framework optionally incorporates predicate-level coverage feedback for iterative refinement. Experimental evaluation on seven real-world Java libraries demonstrates that the approach significantly outperforms human-written baselines on four of them. Notably, the synthesized generators embed sufficient structural and semantic logic to replace conventional coverage-guided mutation strategies, marking the first demonstration that AI agents can autonomously produce high-quality fuzzing generators without relying on external feedback signals.

Modern generator-based fuzzing techniques combine lightweight input generators with coverage-guided mutation as a method of exploring deep execution paths in a target program. A complimentary approach in prior research focuses on creating highly customized, domain-specific generators that encode structural and semantic logic sufficient enough to reach deep program states; the challenge comes from the overhead of writing and testing these complex generators. We investigate whether AI coding agents can automatically synthesize such target-specific generators, and whether the resulting generators are strong enough to obviate the need for coverage guidance and mutation entirely. Our approach, Gentoo, is comprised of an LLM coding agent (provided terminal access and source code of the fuzz target and its library) instructed to iteratively synthesize and refine an input generator, and optionally provided fine-grained predicate-level coverage feedback. We evaluate three configurations of Gentoo against human-written generators on fuzz targets for 7 real-world Java libraries. Our findings show that agent-synthesized generators achieve statistically significantly higher branch coverage than human-written baseline generators on 4 of 7 benchmarks. Critically, the use of coverage guidance and mutation strategies is not statistically significantly beneficial for agent-synthesized generators, but is significant for all human-written generators, suggesting that structural and semantic logic encoded in the agent generators makes coverage guidance largely unnecessary.