diff --git a/api/types/fuzz_test.go b/api/types/fuzz_test.go
new file mode 100644
index 0000000000000..2747376bf45cb
--- /dev/null
+++ b/api/types/fuzz_test.go
@@ -0,0 +1,31 @@
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package types
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func FuzzParseDuration(f *testing.F) {
+ f.Fuzz(func(t *testing.T, s string) {
+ require.NotPanics(t, func() {
+ parseDuration(s)
+ })
+ })
+}
diff --git a/api/utils/aws/fuzz_test.go b/api/utils/aws/fuzz_test.go
new file mode 100644
index 0000000000000..82457a08190a7
--- /dev/null
+++ b/api/utils/aws/fuzz_test.go
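Review bot: FuzzParseDuration registers no seed inputs with `f.Add`, so unless testdata/fuzz entries exist elsewhere a plain `go test` run executes it on zero inputs and the fuzzer starts from an empty corpus. The same holds for the other new targets in this commit that have no directory under fuzz/corpora (only fuzz_mongo_read, fuzz_mssql_login and fuzz_parse_saml_in_response_to are added). A couple of valid and near-valid seeds per target, for example `f.Add("1h30m")` here (constructed sample, check it against what parseDuration accepts), would give regression coverage in CI and a better starting point. The result of `parseDuration(s)` is also discarded, so only panics are detected; asserting one invariant on a successful parse would catch wrong-but-quiet results.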
@@ -0,0 +1,47 @@
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package aws
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func FuzzParseRDSEndpoint(f *testing.F) {
+ f.Fuzz(func(t *testing.T, endpoint string) {
+ require.NotPanics(t, func() {
+ ParseRDSEndpoint(endpoint)
+ })
+ })
+}
+
+func FuzzParseRedshiftEndpoint(f *testing.F) {
+ f.Fuzz(func(t *testing.T, endpoint string) {
+ require.NotPanics(t, func() {
+ ParseRedshiftEndpoint(endpoint)
+ })
+ })
+}
+
+func FuzzParseElastiCacheEndpoint(f *testing.F) {
+ f.Fuzz(func(t *testing.T, endpoint string) {
+ require.NotPanics(t, func() {
+ ParseElastiCacheEndpoint(endpoint)
+ })
+ })
+}
diff --git a/fuzz/corpora/fuzz_mongo_read/1 b/fuzz/corpora/fuzz_mongo_read/1
new file mode 100644
index 0000000000000..f55ebebee62b6
--- /dev/null
+++ b/fuzz/corpora/fuzz_mongo_read/1
@@ -0,0 +1 @@
+000¤000000000000
\ No newline at end of file
diff --git a/fuzz/corpora/fuzz_mssql_login/1 b/fuzz/corpora/fuzz_mssql_login/1
new file mode 100644
index 0000000000000..244c4866a0b96
Binary files /dev/null and b/fuzz/corpora/fuzz_mssql_login/1 differ
diff --git a/fuzz/corpora/fuzz_mssql_login/2 b/fuzz/corpora/fuzz_mssql_login/2
new file mode 100644
index 0000000000000..24cf31a26ef62
Binary files /dev/null and b/fuzz/corpora/fuzz_mssql_login/2 differ
diff --git a/fuzz/corpora/fuzz_mssql_login/3 b/fuzz/corpora/fuzz_mssql_login/3
new file mode 100644
index 0000000000000..fcb36690da39f
Binary files /dev/null and b/fuzz/corpora/fuzz_mssql_login/3 differ
diff --git a/fuzz/corpora/fuzz_mssql_login/4 b/fuzz/corpora/fuzz_mssql_login/4
new file mode 100644
index 0000000000000..204f5f05994a2
Binary files /dev/null and b/fuzz/corpora/fuzz_mssql_login/4 differ
diff --git a/fuzz/corpora/fuzz_mssql_login/5 b/fuzz/corpora/fuzz_mssql_login/5
new file mode 100644
index 0000000000000..bd7881085aa9c
Binary files /dev/null and b/fuzz/corpora/fuzz_mssql_login/5 differ
diff --git a/fuzz/corpora/fuzz_mssql_login/6 b/fuzz/corpora/fuzz_mssql_login/6
new file mode 100644
index 0000000000000..dbd5de9990e57
Binary files /dev/null and b/fuzz/corpora/fuzz_mssql_login/6 differ
diff --git a/fuzz/corpora/fuzz_mssql_login/7 b/fuzz/corpora/fuzz_mssql_login/7
new file mode 100644
index 0000000000000..ff88f8381f51d
Binary files /dev/null and b/fuzz/corpora/fuzz_mssql_login/7 differ
diff --git a/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_okta_response b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_okta_response
new file mode 100644
index 0000000000000..e0b20053c492d
--- /dev/null
+++ b/fuzz/corpora/fuzz_parse_saml_in_response_to/saml_okta_response
@@ -0,0 +1,33 @@ +http://www.okta.com/exk14fxcpjuKMcor30h8uBRfvYvl5C/LPCh36uAmRLHW76+aDP3ngChtIwP3/Fc=M1VfkOOBH6r7niHhfGvf4OJ1HH5QJl83aD/b+mTDUUnXzHXgXlkb0BGQkSFn6ixojwCoXchpxCNzVLPN/tvfyY1dxP4MO8b+/07bGuVD2yTNlhN43/FFcDpmZ1ZDW8w2nPF1E5gy1lR8Wx2NgT3kQ2Ui1vRNX/KeX/P9NnABj4AjcshyHK2e49WLM/D4U84XOl7ODtzS7PTvtB0SGIwRE25G//8AsAv81eBfHL54Nz1HAqinMhxQtz32ZDXpKaAV6GypyBTvk6vo7Pkk4OiL6G9VIGC8Bd/gnavsc+Ickfuo7KTq8NDKTLB5WG34XKJqq6dGopSMrxr67oYjCEDZfw==MIIDpDCCAoygAwIBAgIGAX4zyofpMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG +A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU +MBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi04MTMzNTQxHDAaBgkqhkiG9w0BCQEW +DWluZm9Ab2t0YS5jb20wHhcNMjIwMTA3MDkwNTU4WhcNMzIwMTA3MDkwNjU4WjCBkjELMAkGA1UE +BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNV +BAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtODEzMzU0MRwwGgYJ +KoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +xQz+tLD5cNlOBfdohHvqNWIfC13OCSnUAe20qA0K8y+jtZrpwjtjjLX8iRuCx8dYc/nd6zYOhhSq +2sLmrRa09wUXXTgnLGcj50gePTaroYLyF4FNgQWLvPHJk0FGcx6JvD6L+V5RzYwH87Fhg8niP4LZ +EBw3iZnsIJN9KOuLuQeXTW0PIlMFzpCwT9aUCHCoLepe5Ou8oi8XcOCmsOESHPchV2RC/xQDIqRP +Lp1Sf7NNJ6mTmP2gOoLwsz95beOLrEI+PI/GgZBqM3OutWA0L9mAbJK9T5dPAvhnwCV+SK2HvicJ +T8c6uJxuKmoWv1t3SyaN0cIbmw6vj9CIf4DTwQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCWGgLL +f3tgUZRGjmR5iiKeOeaEWG/eaF1nfenVfSaWT9ckimcXyLCY/P7CXEBiioVrxjky07iceJpi4rVE +RcVZ8SGXCa0NroESmIFlIHez6vRTrqUsfDmidxsSCwY02eaBq+9gK5iXV5WeXMKbn0yeGwF+3PkU +RAH1HuypwMH0FJRLIdW36pw7FCrGrXpk3UC6mEumXC9FptjSK1FlW+ZckgDprePOoUpypEygr2UC +XXOsqT0dwBUUttdOQMZHqIiXS5VPJ8zhYPHBGYI8WGk5FWVuXIXhgRm7LN/EyXIvCOFmDH0tVnQL 
+V115UGOwvjOOxmOFbYBn865SHgMndFtrhttp://www.okta.com/exk14fxcpjuKMcor30h8XwJSotSzU2qLdzu/WDk8dpQ/Cy1Id88932S/95+N+Ds=qyIvGi1+w93AdGUj0+T5RYAq+CAjLSScMTMc7dLTEze6qr3mP51W/bCoZz8E47lpsbLeh0EiATa6h2Uaj6/34rILfCt3aQRNjNicu0gBKhePyNraapdnoyeqJEV8UrAOOKFiH30e5AvQ1nRZqfgY7KMt6cZH5/eXjUS63lPJJn4yr9vLw9loCdHCoHlaseh2IHi7CickyyxSMTX+Y58zpBy2g/KwN3K4oZM4a10ZYWkZpzkZJXDRSUkEc/wTTO7IPPY7Zv7R7UC+zjf5Px1sYeKTkkIxlZViZmtqjYuhibnTmhroJx7wX/LtOPxCkwLHlQRDACBNbP/UtrudU1ZMxA==MIIDpDCCAoygAwIBAgIGAX4zyofpMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG +A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU +MBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi04MTMzNTQxHDAaBgkqhkiG9w0BCQEW +DWluZm9Ab2t0YS5jb20wHhcNMjIwMTA3MDkwNTU4WhcNMzIwMTA3MDkwNjU4WjCBkjELMAkGA1UE +BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNV +BAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtODEzMzU0MRwwGgYJ +KoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +xQz+tLD5cNlOBfdohHvqNWIfC13OCSnUAe20qA0K8y+jtZrpwjtjjLX8iRuCx8dYc/nd6zYOhhSq +2sLmrRa09wUXXTgnLGcj50gePTaroYLyF4FNgQWLvPHJk0FGcx6JvD6L+V5RzYwH87Fhg8niP4LZ +EBw3iZnsIJN9KOuLuQeXTW0PIlMFzpCwT9aUCHCoLepe5Ou8oi8XcOCmsOESHPchV2RC/xQDIqRP +Lp1Sf7NNJ6mTmP2gOoLwsz95beOLrEI+PI/GgZBqM3OutWA0L9mAbJK9T5dPAvhnwCV+SK2HvicJ +T8c6uJxuKmoWv1t3SyaN0cIbmw6vj9CIf4DTwQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCWGgLL +f3tgUZRGjmR5iiKeOeaEWG/eaF1nfenVfSaWT9ckimcXyLCY/P7CXEBiioVrxjky07iceJpi4rVE +RcVZ8SGXCa0NroESmIFlIHez6vRTrqUsfDmidxsSCwY02eaBq+9gK5iXV5WeXMKbn0yeGwF+3PkU +RAH1HuypwMH0FJRLIdW36pw7FCrGrXpk3UC6mEumXC9FptjSK1FlW+ZckgDprePOoUpypEygr2UC +XXOsqT0dwBUUttdOQMZHqIiXS5VPJ8zhYPHBGYI8WGk5FWVuXIXhgRm7LN/EyXIvCOFmDH0tVnQL +V115UGOwvjOOxmOFbYBn865SHgMndFtrops@gravitational.iohttps://boson.tener.io:3080/v1/webapi/saml/acsurn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransportops@gravitational.ioEveryoneokta-adminokta-dev \ No newline at end of file 
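Review bot: This seed looks like a captured SAML response rather than a synthetic one: it carries an Okta issuer URL, an X.509 certificate, the address `ops@gravitational.io`, group names and an ACS URL on `boson.tener.io:3080`. The corpus is published with the repository and zipped into the fuzzing build by copy_corpora, so confirm it comes from a disposable dev tenant, and replace the identity and host values with placeholders if it does not. Nothing in the commit records where the sample came from; a short README next to the file would cover that.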
diff --git a/fuzz/oss-fuzz-build.sh b/fuzz/oss-fuzz-build.sh
new file mode 100755
index 0000000000000..d2f80f3f24261
--- /dev/null
+++ b/fuzz/oss-fuzz-build.sh
@@ -0,0 +1,143 @@
+#!/bin/bash -eu
+
+TELEPORT_PREFIX="github.com/gravitational/teleport"
+
+prepare_teleport() {
+
+ go get github.com/AdamKorcz/go-118-fuzz-build/utils
+ go get -u all || true
+ go mod tidy
+ go get github.com/AdamKorcz/go-118-fuzz-build/utils
+
+ # Fix /root/go/pkg/mod/github.com/aws/aws-sdk-go-v2/internal/ini@v1.3.0/fuzz.go:13:21:
+ # not enough arguments in call to Parse
+ rm -f /root/go/pkg/mod/github.com/aws/aws-sdk-go-v2/internal/ini@*/fuzz.go
+
+}
+
+prepare_teleport_api() {
+
+ (cd api; go get github.com/AdamKorcz/go-118-fuzz-build/utils)
+
+}
+
+build_teleport_fuzzers() {
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/services \
+ FuzzParserEvalBoolPredicate fuzz_parser_eval_bool_predicate
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/auth \
+ FuzzParseSAMLInResponseTo fuzz_parse_saml_in_response_to
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/restrictedsession \
+ FuzzParseIPSpec fuzz_parse_ip_spec
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/services \
+ FuzzParseRefs fuzz_parse_refs
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/srv/db/redis \
+ FuzzParseRedisAddress fuzz_parse_redis_address
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/sshutils/x11 \
+ FuzzParseDisplay fuzz_parse_display
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/utils/parse \
+ FuzzNewExpression fuzz_new_expression
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/utils/parse \
+ FuzzNewMatcher fuzz_new_matcher
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/utils \
+ FuzzParseProxyJump fuzz_parse_proxy_jump
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/utils \
+ FuzzParseWebLinks fuzz_parse_web_links
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/utils \
+ FuzzReadYAML fuzz_read_yaml
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/client \
+ FuzzParseProxyHost fuzz_parse_proxy_host
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/srv/regular \
+ FuzzParseProxySubsys fuzz_parse_proxy_subsys
+
+ compile_native_go_fuzzer
$TELEPORT_PREFIX/lib/kube/proxy \
+ FuzzParseResourcePath fuzz_parse_resource_path
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/srv/db/mysql/protocol \
+ FuzzParsePacket fuzz_parse_mysql_packet
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/srv/db/mysql/protocol \
+ FuzzFetchMySQLVersion fuzz_fetch_mysql_version
+
+# compile_native_go_fuzzer $TELEPORT_PREFIX/lib/auth \
+# FuzzParseAndVerifyIID fuzz_parse_and_verify_iid
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/client \
+ FuzzParseLabelSpec fuzz_parse_label_spec
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/srv/db/sqlserver/protocol \
+ FuzzMSSQLLogin fuzz_mssql_login
+
+# compile_native_go_fuzzer $TELEPORT_PREFIX/lib/srv/db/mongodb/protocol \
+# FuzzMongoRead fuzz_mongo_read
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/services \
+ FuzzParserEvalBoolPredicate fuzz_parser_eval_bool_predicate
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/auth/webauthn \
+ FuzzParseCredentialCreationResponseBody fuzz_parse_credential_creation_response_body
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/auth/webauthn \
+ FuzzParseCredentialRequestResponseBody fuzz_parse_credential_request_response_body
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/lib/web \
+ FuzzTdpMFACodecDecode fuzz_tdp_mfa_codec_decode
+
+}
+
+build_teleport_api_fuzzers() {
+
+ cd api
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/api/types \
+ FuzzParseDuration fuzz_parse_duration
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/api/utils/aws \
+ FuzzParseRDSEndpoint fuzz_parse_rds_endpoint
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/api/utils/aws \
+ FuzzParseRedshiftEndpoint fuzz_parse_redshift_endpoint
+
+ compile_native_go_fuzzer $TELEPORT_PREFIX/api/utils/aws \
+ FuzzParseElastiCacheEndpoint fuzz_parse_elasti_cache_endpoint
+
+ cd -
+
+}
+
+compile() {
+
+ prepare_teleport
+ prepare_teleport_api
+
+ build_teleport_fuzzers
+ build_teleport_api_fuzzers
+
+}
+
+copy_corpora() {
+
+ # generate corpus
+ for fuzzer_path in
fuzz/corpora/fuzz_*
+ do
+ fuzzer_name=$OUT/$(basename "$fuzzer_path")
+ rm -f "$fuzzer_name"_seed_corpus.zip
+ zip --junk-paths "$fuzzer_name"_seed_corpus.zip $fuzzer_path/*
+ done
+
+}
+
+copy_corpora
+compile
diff --git a/lib/auth/fuzz_test.go b/lib/auth/fuzz_test.go
new file mode 100644
index 0000000000000..5948092de34b7
--- /dev/null
+++ b/lib/auth/fuzz_test.go
@@ -0,0 +1,44 @@
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package auth
+
+import (
+ "encoding/base64"
+ "testing"
+
+ "github.com/sirupsen/logrus"
+ "github.com/stretchr/testify/require"
+)
+
+func FuzzParseSAMLInResponseTo(f *testing.F) {
+ // Disable Go App Engine logging
+ logrus.SetLevel(logrus.PanicLevel)
+
+ f.Fuzz(func(t *testing.T, response string) {
+ require.NotPanics(t, func() {
+ ParseSAMLInResponseTo(base64.StdEncoding.EncodeToString([]byte(response)))
+ })
+ })
+}
+
+func FuzzParseAndVerifyIID(f *testing.F) {
+ f.Fuzz(func(t *testing.T, iidBytes []byte) {
+ require.NotPanics(t, func() {
+ parseAndVerifyIID(iidBytes)
+ })
+ })
+}
diff --git a/lib/auth/webauthn/fuzz_test.go b/lib/auth/webauthn/fuzz_test.go
new file mode 100644
index 0000000000000..5d2bb238e612a
--- /dev/null
+++ b/lib/auth/webauthn/fuzz_test.go
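Review bot: `go get -u all || true` in prepare_teleport upgrades every dependency to its latest release at build time and ignores failure, so the fuzzers link against module versions that differ from the ones pinned in go.mod and go.sum, and a reported crash may not reproduce against a shipped build. The helper module is also fetched without a version. Unless the upgrade is needed for the helper to build (worth a comment if so), I would drop that line and pin the helper, `go get github.com/AdamKorcz/go-118-fuzz-build/utils@<pinned-version>`. Separately, FuzzParserEvalBoolPredicate is compiled twice in build_teleport_fuzzers, and `$fuzzer_path/*` in copy_corpora is unquoted while the neighbouring expansions are quoted.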
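Review bot: In FuzzParseSAMLInResponseTo the input is always wrapped with `base64.StdEncoding.EncodeToString`, so ParseSAMLInResponseTo never receives malformed base64; whatever decode-error handling it has (presumably it decodes its argument, which this hunk does not show) is outside what the target can reach. A second target that passes `response` unencoded would cover that path. The comment `// Disable Go App Engine logging` does not match the call beneath it, which sets the global logrus level to PanicLevel for the whole test binary; `// Silence logrus output from the parser while fuzzing.` would be accurate. FuzzParseAndVerifyIID is defined here, but its entry in fuzz/oss-fuzz-build.sh is commented out with no reason given.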
@@ -0,0 +1,44 @@
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package webauthn
+
+import (
+ "bytes"
+ "testing"
+
+ "github.com/stretchr/testify/require"
+
+ "github.com/duo-labs/webauthn/protocol"
+)
+
+func FuzzParseCredentialCreationResponseBody(f *testing.F) {
+ f.Fuzz(func(t *testing.T, body []byte) {
+
+ require.NotPanics(t, func() {
+ protocol.ParseCredentialCreationResponseBody(bytes.NewReader(body))
+ })
+ })
+}
+
+func FuzzParseCredentialRequestResponseBody(f *testing.F) {
+ f.Fuzz(func(t *testing.T, body []byte) {
+
+ require.NotPanics(t, func() {
+ protocol.ParseCredentialRequestResponseBody(bytes.NewReader(body))
+ })
+ })
+}
diff --git a/lib/client/fuzz_test.go b/lib/client/fuzz_test.go
new file mode 100644
index 0000000000000..e696fa3be652b
--- /dev/null
+++ b/lib/client/fuzz_test.go
@@ -0,0 +1,47 @@
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package client
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func FuzzParseProxyHost(f *testing.F) {
+ f.Fuzz(func(t *testing.T, proxyHost string) {
+ require.NotPanics(t, func() {
+ ParseProxyHost(proxyHost)
+ })
+ })
+}
+
+func FuzzParseLabelSpec(f *testing.F) {
+ f.Fuzz(func(t *testing.T, spec string) {
+ require.NotPanics(t, func() {
+ ParseLabelSpec(spec)
+ })
+ })
+}
+
+func FuzzParseSearchKeywords(f *testing.F) {
+ f.Fuzz(func(t *testing.T, spec string, customDelimiter rune) {
+ require.NotPanics(t, func() {
+ ParseSearchKeywords(spec, customDelimiter)
+ })
+ })
+}
diff --git a/lib/kube/proxy/fuzz_test.go b/lib/kube/proxy/fuzz_test.go
new file mode 100644
index 0000000000000..759f31dbc6e29
--- /dev/null
+++ b/lib/kube/proxy/fuzz_test.go
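Review bot: FuzzParseSearchKeywords has no `compile_native_go_fuzzer` entry in fuzz/oss-fuzz-build.sh, which builds only FuzzParseProxyHost and FuzzParseLabelSpec for lib/client, so this target will not run in the OSS-Fuzz build. If that is deliberate (possibly because of the extra `rune` parameter, though the commit does not say), a comment above the function such as `// Not built by fuzz/oss-fuzz-build.sh: <reason>.` would record it. Otherwise the script needs a matching entry, `compile_native_go_fuzzer $TELEPORT_PREFIX/lib/client \` followed by `FuzzParseSearchKeywords fuzz_parse_search_keywords`.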
@@ -0,0 +1,32 @@
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package proxy
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func FuzzParseResourcePath(f *testing.F) {
+ f.Fuzz(func(t *testing.T, path string) {
+
+ require.NotPanics(t, func() {
+ parseResourcePath(path)
+ })
+ })
+}
diff --git a/lib/restrictedsession/fuzz_test.go b/lib/restrictedsession/fuzz_test.go
new file mode 100644
index 0000000000000..c92b98bfffb1d
--- /dev/null
+++ b/lib/restrictedsession/fuzz_test.go
@@ -0,0 +1,31 @@
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package restrictedsession
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func FuzzParseIPSpec(f *testing.F) {
+ f.Fuzz(func(t *testing.T, cidr string) {
+ require.NotPanics(t, func() {
+ ParseIPSpec(cidr)
+ })
+ })
+}
diff --git a/lib/services/fuzz_test.go b/lib/services/fuzz_test.go
new file mode 100644
index 0000000000000..a0710ec7fca21
--- /dev/null
+++ b/lib/services/fuzz_test.go
@@ -0,0 +1,58 @@
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package services
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+
+ "github.com/gravitational/teleport/api/types"
+)
+
+func FuzzParseRefs(f *testing.F) {
+ f.Fuzz(func(t *testing.T, refs string) {
+ require.NotPanics(t, func() {
+ ParseRefs(refs)
+ })
+ })
+}
+
+func FuzzParserEvalBoolPredicate(f *testing.F) {
+ f.Fuzz(func(t *testing.T, expr string) {
+ resource, err := types.NewServerWithLabels("test-name", types.KindNode, types.ServerSpecV2{
+ Hostname: "test-hostname",
+ Addr: "test-addr",
+ CmdLabels: map[string]types.CommandLabelV2{
+ "version": {
+ Result: "v8",
+ },
+ },
+ }, map[string]string{
+ "env": "prod",
+ "os": "mac",
+ })
+ require.NoError(t, err)
+
+ parser, err := NewResourceParser(resource)
+ require.NoError(t, err)
+
+ require.NotPanics(t, func() {
+ parser.EvalBoolPredicate(expr)
+ })
+ })
+}
diff --git a/lib/srv/db/mongodb/protocol/fuzz_test.go b/lib/srv/db/mongodb/protocol/fuzz_test.go
index 188e756b8d726..001d315df9d5d 100644
--- a/lib/srv/db/mongodb/protocol/fuzz_test.go
+++ b/lib/srv/db/mongodb/protocol/fuzz_test.go
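Review bot: FuzzParserEvalBoolPredicate rebuilds the same server resource and parser inside the fuzz callback for every input, which is constant setup work paid on each execution and lowers throughput. Whether the value returned by NewResourceParser can be reused across evaluations is not visible in this hunk. If it can, build both once before `f.Fuzz` and report setup failures with `require.NoError(f, err)`. If it cannot, a comment above the setup, `// Parser is rebuilt per input because <reason>.`, would document why.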
@@ -1,21 +1,17 @@ -//go:build go1.18 - /* +Copyright 2022 Gravitational, Inc. - Copyright 2022 Gravitational, Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. */ package protocol diff --git a/lib/srv/db/mysql/protocol/fuzz_test.go b/lib/srv/db/mysql/protocol/fuzz_test.go index 6b4b6f19b8615..a51e1a8977c0a 100644 --- a/lib/srv/db/mysql/protocol/fuzz_test.go +++ b/lib/srv/db/mysql/protocol/fuzz_test.go @@ -1,5 +1,3 @@ -//go:build go1.18 - /* Copyright 2022 Gravitational, Inc. diff --git a/lib/srv/db/redis/fuzz_test.go b/lib/srv/db/redis/fuzz_test.go new file mode 100644 index 0000000000000..9b8c795cedbb6 --- /dev/null +++ b/lib/srv/db/redis/fuzz_test.go 
@@ -0,0 +1,31 @@
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package redis
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func FuzzParseRedisAddress(f *testing.F) {
+ f.Fuzz(func(t *testing.T, addr string) {
+ require.NotPanics(t, func() {
+ ParseRedisAddress(addr)
+ })
+ })
+}
diff --git a/lib/srv/db/sqlserver/protocol/fuzz_test.go b/lib/srv/db/sqlserver/protocol/fuzz_test.go
index 30a62298e78f3..e479ee0fb0041 100644
--- a/lib/srv/db/sqlserver/protocol/fuzz_test.go
+++ b/lib/srv/db/sqlserver/protocol/fuzz_test.go
@@ -1,22 +1,17 @@ -//go:build go1.18 - /* +Copyright 2022 Gravitational, Inc. - Copyright 2022 Gravitational, Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. */ package protocol diff --git a/lib/srv/regular/fuzz_test.go b/lib/srv/regular/fuzz_test.go new file mode 100644 index 0000000000000..a70a48fec9da6 --- /dev/null +++ b/lib/srv/regular/fuzz_test.go 
@@ -0,0 +1,40 @@
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package regular
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+
+ "github.com/gravitational/teleport/lib/srv"
+)
+
+func FuzzParseProxySubsys(f *testing.F) {
+ f.Fuzz(func(t *testing.T, request string) {
+ server := &Server{
+ hostname: "redhorse",
+ proxyMode: true,
+ }
+
+ ctx := &srv.ServerContext{}
+
+ require.NotPanics(t, func() {
+ parseProxySubsys(request, server, ctx)
+ })
+ })
+}
diff --git a/lib/sshutils/x11/fuzz_test.go b/lib/sshutils/x11/fuzz_test.go
new file mode 100644
index 0000000000000..0bbb41aa4ad69
--- /dev/null
+++ b/lib/sshutils/x11/fuzz_test.go
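Review bot: The harness passes a `Server` with only `hostname` and `proxyMode` set and an empty `srv.ServerContext{}`, so a nil dereference on any other field that parseProxySubsys reads would be reported as a crash even if a fully constructed server could never hit it. parseProxySubsys is not shown in this hunk, so which fields it touches is a guess on my part. A comment above the two literals naming the fields the parser actually depends on would let triage separate harness artifacts from real findings; if it reads more than these two, they should be populated here.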
@@ -0,0 +1,31 @@
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package x11
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func FuzzParseDisplay(f *testing.F) {
+ f.Fuzz(func(t *testing.T, displayString string) {
+ require.NotPanics(t, func() {
+ ParseDisplay(displayString)
+ })
+ })
+}
diff --git a/lib/utils/fuzz_test.go b/lib/utils/fuzz_test.go
new file mode 100644
index 0000000000000..547f085d0b66c
--- /dev/null
+++ b/lib/utils/fuzz_test.go
@@ -0,0 +1,59 @@
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package utils
+
+import (
+ "bytes"
+ "strings"
+ "testing"
+
+ "github.com/stretchr/testify/require"
+
+ "net/http"
+)
+
+func FuzzParseProxyJump(f *testing.F) {
+ f.Fuzz(func(t *testing.T, in string) {
+ require.NotPanics(t, func() {
+ ParseProxyJump(in)
+ })
+ })
+}
+
+func FuzzParseWebLinks(f *testing.F) {
+ f.Fuzz(func(t *testing.T, s string) {
+ links := strings.Split(s, "|")
+ require.NotPanics(t, func() {
+ inResponse := &http.Response{
+ Header: http.Header{
+ "Link": links,
+ },
+ }
+ ParseWebLinks(inResponse)
+ })
+ })
+}
+
+func FuzzReadYAML(f *testing.F) {
+ f.Fuzz(func(t *testing.T, dataBytes []byte) {
+ data := bytes.NewReader(dataBytes)
+
+ require.NotPanics(t, func() {
+ ReadYAML(data)
+ })
+ })
+}
diff --git a/lib/utils/parse/fuzz_test.go b/lib/utils/parse/fuzz_test.go
new file mode 100644
index 0000000000000..e981fd9bf95dd
--- /dev/null
+++ b/lib/utils/parse/fuzz_test.go
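Review bot: `"net/http"` sits in its own import group after the testify import; it belongs with `"bytes"`, `"strings"` and `"testing"` in the standard-library group, which is how the other fuzz_test.go files in this commit order their imports. In FuzzParseWebLinks the input is split on `|` to build several Link header values, which is not obvious on first read; a comment such as `// "|" separates individual Link header values in the fuzz input.` above the `strings.Split` call would explain it.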
@@ -0,0 +1,39 @@
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package parse
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func FuzzNewExpression(f *testing.F) {
+ f.Fuzz(func(t *testing.T, variable string) {
+ require.NotPanics(t, func() {
+ NewExpression(variable)
+ })
+ })
+}
+
+func FuzzNewMatcher(f *testing.F) {
+ f.Fuzz(func(t *testing.T, value string) {
+ require.NotPanics(t, func() {
+ NewMatcher(value)
+ })
+ })
+}
diff --git a/lib/web/fuzz_test.go b/lib/web/fuzz_test.go
new file mode 100644
index 0000000000000..ba1b22726d4a1
--- /dev/null
+++ b/lib/web/fuzz_test.go
@@ -0,0 +1,32 @@
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package web
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func FuzzTdpMFACodecDecode(f *testing.F) {
+ f.Fuzz(func(t *testing.T, buf []byte) {
+ require.NotPanics(t, func() {
+ codec := tdpMFACodec{}
+ codec.decode(buf, "")
+ })
+ })
+}