2026-04-25 –, Seminar Room 7
In today’s interconnected world, achieving complete software security is extremely challenging, as vulnerabilities continue to provide opportunities for exploitation. Buffer overflow attacks remain among the most enduring and impactful forms of software exploitation, enabling adversaries to manipulate program execution and gain unauthorized access. Although significant countermeasures such as stack canaries, Address Space Layout Randomisation (ASLR), and non-executable memory protections have been developed, buffer overflows persist due to legacy codebases, low-level programming practices, and the constant evolution of attack strategies. Recent advances in Generative Artificial Intelligence (Gen-AI) introduce a new dimension to defensive cybersecurity research and offers potential as a countermeasure through enhanced vulnerability detection, automated secure code generation, and the ability to adapt defensively to dynamic attack patterns. This project specifically evaluate the dangers of buffer overflows attacks and effectiveness of Gen-AI models in guarding against them, with a focus on recent vulnerabilities such as CVE-2025-6660 and CVE-2025-6191.
Buffer overflows are still considered a persistent threat five decades after their initial documentation,
maintained by bad programming habits, legacy codebases, unsafe programming languages and the
growing existence of IoT and embedded systems, which are often more inclined to be vulnerable due
to their nature. Although defence mechanisms have been put in place and generally adopted, ASLR,
DEP and SSP are not the perfect protection mechanisms, and always-evolving exploitation techniques
are able to bypass them. Likewise, detection and mitigation using static and dynamic analysis tools
are a good base to try to improve and find vulnerable code, but being generalised tools for all vulner-
abilities, they still incur a lot of false positives, major overhead requirements and partial coverage for
buffer overflows.
Recent advances in artificial intelligence have facilitated innovation and demonstrated promising im-
provements regarding this matter. Even if they seem to perform better than traditional techniques, the
field is still immature, and there are still a lot of improvements to achieve to have a viable long-term
solution. Their scope is often very narrow, and there is yet to be a way to adapt to new exploitation
techniques in real time without redesigning the whole model from scratch. Gen-AI potential remains
crucially unexplored in regard to buffer overflow mitigation and detection in real-world scenarios,
constituting an opportunity for future work.
Exeter Cyber Security Society
OWASP Exeter Student Chapter Leader,
President of University of Exeter Cyber Security Society
Certified Junior Pentration Tester (eJPT) by INE
Certified in Cyber Secuirty (CC) ISC2