FIXX: FInding eXploits from eXamples
Neil P Thimmaiah
34th USENIX Security Symposium (USENIX Security '25) · Day 3 · Web Security
The talk "FIXX: FInding eXploits from eXamples," presented by Neil P Thimmaiah at the 34th USENIX Security Symposium, introduces a novel automated approach for identifying undisclosed variants of known vulnerabilities in web applications. Current vulnerability detection and patching practice tends to fix a single reported instance; FIXX addresses that gap by using information from disclosed exploits to uncover similar, previously undetected exploitable paths. This work, co-authored with Yashu Professor and Professor Benadrushman, targets the pervasive problem of "chain-style vulnerabilities," in which malicious data flows from input **sources** to sensitive operation **sinks** in web applications, often leading to zero-day exploits.
AI review
Solid systems-security research with a clear problem statement, a novel automated pipeline, and real-world validation via 10 new CVEs submitted to MITRE. FIXX occupies a genuinely underserved niche — variant discovery from known-exploit examples — and backs the claim with numbers rather than hand-waving.