diff --git a/scripts/fuzz-libfuzzer.sh b/scripts/fuzz-libfuzzer.sh
index 586cc16..c067137 100755
--- a/scripts/fuzz-libfuzzer.sh
+++ b/scripts/fuzz-libfuzzer.sh
@@ -3,6 +3,7 @@
 # Usage:
 #   ./scripts/fuzz-libfuzzer.sh              # all targets, 60s each, sanitizer none (stable-friendly)
 #   FUZZ_TIME=300 ./scripts/fuzz-libfuzzer.sh session_decrypt
+#   FUZZ_RUNS=2000 ./scripts/fuzz-libfuzzer.sh       # fixed iterations (e.g. CI), all targets
 #   SANITIZER=address ./scripts/fuzz-libfuzzer.sh   # needs nightly rustc (rustup)
 
 set -euo pipefail
@@ -18,6 +19,7 @@ if ! command -v cargo-fuzz >/dev/null 2>&1; then
 fi
 
 FUZZ_TIME="${FUZZ_TIME:-60}"
+FUZZ_RUNS="${FUZZ_RUNS:-}"
 SANITIZER="${SANITIZER:-none}"
 
 TARGETS=(
@@ -31,8 +33,13 @@ TARGETS=(
 
 run_one() {
   local name="$1"
-  echo "=== cargo-fuzz: $name (max_total_time=${FUZZ_TIME}s, sanitizer=${SANITIZER}) ==="
-  cargo fuzz run -s "$SANITIZER" "$name" -- -max_total_time="$FUZZ_TIME" -print_final_stats=1
+  if [[ -n "$FUZZ_RUNS" ]]; then
+    echo "=== cargo-fuzz: $name (-runs=${FUZZ_RUNS}, sanitizer=${SANITIZER}) ==="
+    cargo fuzz run -s "$SANITIZER" "$name" -- -runs="$FUZZ_RUNS" -print_final_stats=1
+  else
+    echo "=== cargo-fuzz: $name (max_total_time=${FUZZ_TIME}s, sanitizer=${SANITIZER}) ==="
+    cargo fuzz run -s "$SANITIZER" "$name" -- -max_total_time="$FUZZ_TIME" -print_final_stats=1
+  fi
 }
 
 if [[ $# -gt 0 ]]; then