diff --git a/.clusterfuzzlite/Dockerfile b/.clusterfuzzlite/Dockerfile
new file mode 100644
index 000000000..7edab94e2
--- /dev/null
+++ b/.clusterfuzzlite/Dockerfile
@@ -0,0 +1,6 @@
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make autoconf automake libtool \
+ pkg-config
+COPY . $SRC/trezor-firmware
+WORKDIR $SRC/trezor-firmware/crypto
+COPY .clusterfuzzlite/build.sh $SRC/
diff --git a/.clusterfuzzlite/build.sh b/.clusterfuzzlite/build.sh
new file mode 100755
index 000000000..a1d9cc4bb
--- /dev/null
+++ b/.clusterfuzzlite/build.sh
@@ -0,0 +1,5 @@
+# reset sanitizer and optimization flags to avoid interfering with $CFLAGS
+export SANFLAGS=""
+export OPTFLAGS="-O3 -march=native -gline-tables-only"
+FUZZER=1 VALGRIND=0 make -j$(nproc) fuzzer
+mv fuzzer/fuzzer $OUT/
diff --git a/.clusterfuzzlite/project.yaml b/.clusterfuzzlite/project.yaml
new file mode 100644
index 000000000..b455aa397
--- /dev/null
+++ b/.clusterfuzzlite/project.yaml
@@ -0,0 +1 @@
+language: c
diff --git a/.github/workflows/cflite.yml b/.github/workflows/cflite.yml
new file mode 100644
index 000000000..5d3aa1e6f
--- /dev/null
+++ b/.github/workflows/cflite.yml
@@ -0,0 +1,29 @@
+name: ClusterFuzzLite PR fuzzing
+on:
+ workflow_dispatch:
+ pull_request:
+ paths:
+ - '**'
+permissions: read-all
+jobs:
+ PR:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ sanitizer: [address]
+ steps:
+ - name: Build Fuzzers (${{ matrix.sanitizer }})
+ id: build
+ uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+ with:
+ sanitizer: ${{ matrix.sanitizer }}
+ language: c
+ - name: Run Fuzzers (${{ matrix.sanitizer }})
+ id: run
+ uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ fuzz-seconds: 400
+ mode: 'code-change'
+ sanitizer: ${{ matrix.sanitizer }}
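Review bot: The `RUN apt-get` line in the Dockerfile hunk leaves the apt package lists in the layer and pulls in recommended packages that the fuzz build does not need; installing with `--no-install-recommends` and cleaning up in the same layer keeps the builder image small: `RUN apt-get update && apt-get install -y --no-install-recommends make autoconf automake libtool pkg-config \` followed by `    && rm -rf /var/lib/apt/lists/*`. The base image is referenced without a tag or digest; ClusterFuzzLite images are commonly used this way so they track the upstream sanitizer toolchain, but if reproducible builds matter, a `@sha256:<digest>` pin on the `FROM` line is where to add it. `WORKDIR` and both `COPY` targets depend on `$SRC` being set by the base image — presumably it is, and a one-line comment such as `# $SRC is provided by the oss-fuzz base-builder image` would make that dependency explicit.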
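Review bot: `-march=native` in the `OPTFLAGS` export ties the fuzzer binary to the CPU of whichever machine ran the build, so if the binary is later executed on a different host (another runner, a cached build, a batch-fuzzing job) it can die with an illegal-instruction fault that is indistinguishable from a real crash in the triage output; dropping it keeps the artifact portable: `export OPTFLAGS="-O3 -gline-tables-only"`. The comment says the flags are reset to avoid interfering with `$CFLAGS`, but `-O3` will override the optimization level that the sanitizer `CFLAGS` request if the Makefile appends `OPTFLAGS` after `CFLAGS`; whether it does is not visible here, so a comment stating the intended override (or dropping `-O3` so the comment matches the value) would help. The file is marked executable but has no shebang or `set -e`; presumably the ClusterFuzzLite `compile` wrapper sources it under `bash -eux`, but a `#!/bin/bash -eux` first line would make the failure-on-error behaviour explicit for anyone running it directly.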
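Review bot: Both `uses:` lines reference the third-party actions by the mutable `@v1` tag, so whatever that tag points to at run time executes with the repository's `GITHUB_TOKEN`; pinning each to a full commit SHA with the version kept as a trailing comment (`uses: google/clusterfuzzlite/actions/build_fuzzers@<commit-sha> # v1`) makes the workflow reproducible and still lets Dependabot propose updates. `permissions: read-all` already limits what that token can do, which is good. The `paths:` filter under `pull_request` is `'**'`, which matches every file and is therefore equivalent to having no filter; either drop it or narrow it (for example to `crypto/**` and `.clusterfuzzlite/**`) if the intent is to fuzz only when the crypto tree or the fuzzing setup changes.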