Quality assurance · Production

Meta's ACH uses LLM-based mutation testing to harden platforms against privacy and compliance regressions

The problem

Traditional automated test generation only sought to increase code coverage rather than targeting specific faults, and mutation testing required engineers to manually write tests with no guarantee those tests would catch the generated mutants, making the process painstaking and difficult to scale.

First attempt

Earlier rule-based mutant generation produced mutants that were not realistic in terms of representing actual concerns, and engineers still had to manually write the tests with no guarantee those tests would catch the automatically-generated mutants.

Workflow diagram · grounded in source
1
Engineer describes bug concerns
trigger
“We describe the faults we care about to ACH in plain text. The description can be incomplete, and even self-contradictory, yet ACH still generates tests that it proves will catch bugs of the kind described”
2
LLM generates relevant mutants
ai_action
“ACH uses that description to automatically generate lots of bugs”
3
LLM generates catching tests
ai_action
“ACH uses the generated bugs to automatically generate lots of tests that catch them”
4
Verifiable assurance validation
validation
“it keeps verifiable assurances that its tests do catch the kind of faults described”
Reported outcome

ACH has been applied to Facebook Feed, Instagram, Messenger, and WhatsApp; engineers found it useful for hardening code against specific concerns; the approach generates mutants and tests very efficiently and with a high level of accuracy.

Reported metrics
Test and mutant generation efficiencyvery efficiently and with a high level of accuracy
Impact on regression hardeningsignificant impact on hardening against future regressions
Developer cognitive loadreduce cognitive load for developers
Reported stack
ACHLLMs
Source
https://engineering.fb.com/2025/02/05/security/revolutionizing-software-testing-llm-powered-bug-catchers-meta-ach/
Read source ↗

Frequently asked questions

What did this team achieve with this AI workflow?

ACH has been applied to Facebook Feed, Instagram, Messenger, and WhatsApp; engineers found it useful for hardening code against specific concerns; the approach generates mutants and tests very efficiently and with a h…

What tools did this team use?

ACH, LLMs.

What results were reported?

Test and mutant generation efficiency: very efficiently and with a high level of accuracy; Impact on regression hardening: significant impact on hardening against future regressions; Developer cognitive load: reduce cognitive load for developers (source-reported, not independently verified).

What failed first in this deployment?

Earlier rule-based mutant generation produced mutants that were not realistic in terms of representing actual concerns, and engineers still had to manually write the tests with no guarantee those tests would catch the…

How is this quality assurance AI workflow structured?

Engineer describes bug concerns → LLM generates relevant mutants → LLM generates catching tests → Verifiable assurance validation.