diff --git a/CLAUDE.md b/CLAUDE.md
index 8e4a30f..424252d 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -27,24 +27,33 @@ nix build .#
 ## Fuzzing
 
 ```bash
-# Enter fuzz devShell (nightly Rust + cargo-fuzz)
+# Enter cargo-fuzz devShell (nightly Rust + cargo-fuzz)
 nix develop .#fuzz
 cd vmsilo-dbus-proxy && cargo fuzz run <target>
 
-# Or one-liner
-nix run .#fuzz-dbus-proxy -- <target>
+# Or one-liner (cargo-fuzz / libFuzzer)
+nix run .#fuzz-cargo-dbus-proxy -- <target>
 
-# Parallel fuzzing (restarts automatically on crash)
-nix run .#fuzz-dbus-proxy -- <target> --fork=4
+# Parallel cargo-fuzz (restarts automatically on crash)
+nix run .#fuzz-cargo-dbus-proxy -- <target> --fork=4
 
-# Re-test artifacts after a fix, delete those that no longer crash
-nix run .#fuzz-clean-dbus-proxy -- <target>
+# Re-test cargo-fuzz artifacts after a fix, delete those that no longer crash
+nix run .#fuzz-clean-cargo-dbus-proxy -- <target>
 
-# Generate/refresh seed corpus for deserialize targets
-cd vmsilo-dbus-proxy && cargo run --manifest-path fuzz/Cargo.toml --bin generate_seeds
+# AFL++ with SymCC (single instance)
+nix run .#fuzz-afl-dbus-proxy -- <target>
+
+# AFL++ parallel (1 main + 3 secondaries + SymCC companion)
+nix run .#fuzz-afl-dbus-proxy -- <target> --jobs=4
+
+# Re-test AFL++ crash files after a fix
+nix run .#fuzz-clean-afl-dbus-proxy -- <target>
+
+# Generate/refresh seed corpus for both engines
+nix run .#fuzz-gen-corpus
 ```
 
-Fuzz targets live in `vmsilo-dbus-proxy/fuzz/`. Protocol types have `Arbitrary` derives behind the `fuzz` feature flag. Invariant assertions are in `src/fuzz_helpers.rs`.
+Fuzz targets live in `vmsilo-dbus-proxy/fuzz/` (cargo-fuzz) and `vmsilo-dbus-proxy/fuzz-afl/` (AFL++). Protocol types have `Arbitrary` derives behind the `fuzz` feature flag. Invariant assertions are in `src/fuzz_helpers.rs`.
 
 ### Fixing fuzz findings