Sanitizers, including tools like AddressSanitizer and MemorySanitizer, play a crucial role in detecting security vulnerabilities in C/C++ applications. These vulnerabilities arise from undefined behaviors (UB) such as buffer overflow, use after free, integer overflow, and more. Powered by fuzzing, sanitizers have proven highly effective, with the Google OSS-Fuzz service alone identifying over 20,000 bugs. However, our latest research indicates that many undefined behaviors can elude sanitizers’ detection. In this talk, I will shed light on the primary reasons for these omissions: (1) inherent design limitations of sanitizers, (2) aggressive compiler optimizations, and (3) bugs in sanitizer implementations. Furthermore, I will introduce our latest research endeavors aimed at rectifying these blind spots.