About

I am a security researcher working at the intersection of AI and security: AI agent security, LLM attack & defense, and AI-driven threat detection at scale. A multiple-time Pwn2Own champion and Pwnie Award winner with hundreds of critical CVEs, I now focus on bringing two decades of top-tier offensive security into the AI era. I built OpenCyvis, an open-source AI phone and a working exercise in security design for AI agent systems: the agent stack and model choice are fully open — users can audit the code, run local models on-device, and control where their data goes — a blueprint for controllable, auditable AI-native systems. On the industry side, I lead AI-based large-scale fraud fighting and anomaly detection (AI for Security), applying LLMs and multi-modal detection to real-world abuse in advertising and marketing.

I am Senior Director and Chief Security Researcher at JD.com Group, where I founded Xiezhi Security Lab (also known as Dawn Security Lab), covering advanced security research, threat intelligence, and strategic security infrastructure. I also serve as a doctoral management trainee mentor and TGT (Tech Genius Team) mentor at JD.com, supervising multiple PhDs and top technical talents.

More recently, my research has expanded into device-side Trusted Execution Environments (TEE) and trusted computing — leveraging hardware-rooted isolation such as ARM TrustZone, secure enclaves, and confidential computing to protect on-device AI models, cryptographic keys, and sensitive user data, and to establish verifiable, remotely-attestable trust for AI-native systems running at the edge.

Previously, I led Pinduoduo's security team and built its security infrastructure from the ground up. Before that, I was at the Keen Security Lab of Tencent, focusing on cutting-edge vulnerability research and mobile security. I am the winner of Pwn2Own 2016, Mobile Pwn2Own 2016 and 2017, having successfully pwned the newest macOS and Android systems and earning the Master of Pwn title. I was an early founding member of Blue Lotus, Asia's first CTF team to reach the DEF CON Finals, and a founding member of Zhejiang University's AAA CTF Team and Cybersecurity Association.

My research has been presented at Black Hat, DEF CON, and CanSecWest. I am a multiple-time Pwn2Own champion and the recipient of the 2022 Pwnie Award for Best Privilege Escalation Bug. I have been credited by Google, Samsung, Apple, and Huawei for discovering hundreds of critical CVEs, and have published at ACM ISSTA, USENIX, and other leading venues. I am a committee member and judge of the international hacking competition GeekPwn, and an Executive Committee Member of the China Computer Federation (CCF) Technical Committee on Security and Privacy.

AI Agent Security LLM Attack & Defense AI for Security On-Device AI Security Mobile Security Vulnerability Research Android / iOS IoT Security Software Supply Chain TEE / Trusted Computing Fuzzing CISSP

Recent Highlights

  • 2026 — ARKDecompiler, the decompiler for HarmonyOS Next, accepted at Black Hat USA Arsenal
  • 2026 — Served as judge of China's first Agent Security Attack-Defense Championship, with 610 competing teams · covered by China Daily
  • 2025 — Open-source AI phone OpenCyvis released, featured on XDA
  • 2025 — Talks at DEF CON 33 and CanSecWest: resurrecting LaunchAnywhere privilege escalation on Android
  • 2024Black Hat USA talk on Mac security reached the front page of Hacker News; AI × security papers published at ISSTA 2024 (CCF-A) and Data Intelligence

Projects & Open Source

  • OpenCyvis — open-source AI phone: an auditable, user-controlled AI agent system with virtual display and on-device local LLM support
  • ARKDecompiler — decompiler for HarmonyOS Next (Ark bytecode) · Black Hat USA Arsenal 2026
  • RIDE — highly-precise systematic automatic bug hunting framework for Android systems · Black Hat USA Arsenal 2022
  • PMDET — fuzzing-based detection tool for Android Parcel Mismatch bugs · Black Hat Asia Arsenal / SANER 2024

Publications & Talks

AI × Security

  1. Uncovering and Mitigating the Impact of Code Obfuscation on Dataset Annotation with Antivirus Engines. ISSTA 2024, Vienna. 2024. CCF-A
  2. Detecting Novel Malware Classes with a Foundational Multi-Modality Data Analysis Model. Data Intelligence. 2024.

Systems & Mobile Security

  1. From Breakthrough to Completeness: ARKDecompiler — The Decompiler for HarmonyOS Next. Black Hat USA Arsenal, Las Vegas. 2026. BH Arsenal
  2. BadResolve: Bypassing Android's Intent Checks to Resurrect LaunchAnywhere Privilege Escalations. CanSecWest, Vancouver. 2025.
  3. Dead Made Alive Again: Bypassing Intent Destination Checks and Reintroducing LaunchAnyWhere Privilege Escalation. DEF CON 33, Las Vegas. 2025. DEF CON
  4. Unveiling Mac Security: A Comprehensive Exploration of Sandboxing and AppData TCC. Black Hat USA, Las Vegas. 2024. BH USA
  5. PMDET: A new fuzzing-based detection tool for Android Parcel Mismatch bugs. SANER 2024, Finland. 2024. CCF-B
  6. PMDET: A new fuzzing-based detection tool for Android Parcel Mismatch bugs. Black Hat Asia Arsenal, Singapore. 2024. BH Arsenal
  7. RIDE: Efficient Highly-Precise Systematic Automatic Bug Hunting in Android Systems. Black Hat USA Arsenal, Las Vegas. 2022. BH Arsenal
  8. Mystique in the House: The Droid Vulnerability Chain that Owns All Your Applications. CanSecWest, Vancouver. 2022.
  9. The Hidden RCE Surfaces That Control the Droids. Black Hat Asia, Singapore. 2022. BH Asia
  10. La La Land: Theory and Practice on Large-Scale Static Bug Hunting for Android Systems. MOSEC, Shanghai. 2022.
  11. DroidCorn: A Practical New Framework for Blackbox Android Binary Fuzzing. MOSEC, Shanghai. 2020.
  12. Pwning the Nexus of Every Pixel. CanSecWest, Vancouver. 2017.
  13. Subverting Apple Graphics: Practical Approaches to Remotely Gaining Root. Black Hat USA, Las Vegas. 2016. BH USA
  14. Escaping the Sandbox by Not Breaking it. DEF CON, Las Vegas. 2016. DEF CON
  15. Don't trust your eyes — Apple Graphics is compromised! CanSecWest, Vancouver. 2016.
  16. Hey Your Parcel Looks Bad — Fuzzing and Exploiting Parcel-ization Vulnerabilities in Android. Black Hat Asia, Singapore. 2016. BH Asia
  17. Shooting the OSX El Capitan Kernel Like a Sniper. REcon, Montreal. 2016.
  18. Hacking Phones from 2013 to 2016. Seoul, Korea. 2016.
  19. Vulnerabilities in the third-party SDKs of Android applications. HITCON, Taipei. 2015.

Honors & Awards

  • Pwnie Award — Best Privilege Escalation, Black Hat USA, Las Vegas. 2022.
  • Pwn2Own Champion & Master of Pwn, Tokyo and Vancouver. 2016, 2017.
  • Pwnie Award Nominee, Black Hat USA, Las Vegas. 2017.
  • Multiple top internal technical honors at JD.com and Tencent, including Tencent's company-level Technical Breakthrough Award and JD Group Hackathon 1st Prize (2025).
  • Google Security Hall of Fame — Top 10 in Android Category.
  • Samsung Security Hall of Fame — Ranked #6 (2021, 2022).
  • Huawei Security Hall of Fame — Ranked #3 (2020).

Professional Service

  • Judge, China's first Agent Security Attack-Defense Championship. 2026.
  • Competition Judge, GeekPwn & GeekCon (international top security competition)
  • Executive Committee Member, China Computer Federation (CCF) Technical Committee on Security and Privacy
  • Mentor, JD.com TGT (Tech Genius Team) — Top Global Talent Program
  • Cyber Security Committee Member, Beijing 2022 Winter Olympics
  • Tencent Cloud TVP (Most Valuable Professional). 2025.
  • Judge, Tencent Cloud Hackathon

Education

  • Zhejiang University — B.Eng. in Computer Science and Technology
  • Hong Kong University of Science and Technology — Visiting Scholar, Department of Software Engineering. Advisor: Prof. Shing Chi Cheung.

Selected Coverage

CVE Research

Credited by Google, Apple, Samsung, Huawei, Oppo, and others for discovering hundreds of critical vulnerabilities across Android, iOS, macOS, Chrome, and major vendor ecosystems.

Show full CVE list
CVE-2015-3854, CVE-2015-3855, CVE-2015-3856, CVE-2015-6612, CVE-2015-6620, CVE-2015-6622, CVE-2016-0811, CVE-2016-3832, CVE-2016-6705, CVE-2016-8395, CVE-2016-8399, CVE-2016-6768, CVE-2016-6788, CVE-2016-8395, CVE-2017-0325, CVE-2017-0337, CVE-2017-0382, CVE-2017-0427, CVE-2017-0476, CVE-2017-0544, CVE-2017-13246, CVE-2017-0861, CVE-2017-0866, CVE-2017-13167, CVE-2017-13324, CVE-2017-15868, CVE-2017-2692, CVE-2017-2693, CVE-2016-5197, CVE-2016-1815, CVE-2016-1860, CVE-2016-4697, CVE-2016-7714, CVE-2016-7624, CVE-2016-7625, CVE-2016-7620, CVE-2017-2416, CVE-2018-9143, CVE-2018-9139, CVE-2018-9140, CVE-2018-9142, CVE-2018-9141, CVE-2018-10500, CVE-2018-10497, CVE-2018-10499, CVE-2018-10498, CVE-2019-14783, CVE-2019-16253, CVE-2019-16509, CVE-2019-17628, CVE-2021-0515, CVE-2021-0691, CVE-2021-39734, CVE-2021-25492, CVE-2021-25493, CVE-2021-25494, CVE-2021-25495, CVE-2021-25496, CVE-2021-25497, CVE-2021-25498, CVE-2021-25418, CVE-2021-25510, CVE-2021-25511, CVE-2021-25485, CVE-2021-25450, CVE-2021-23243, CVE-2021-0691, CVE-2021-0515, CVE-2021-0393, CVE-2022-33704, CVE-2022-33703, CVE-2022-39862, CVE-2022-28791, CVE-2022-30743, CVE-2022-36857, CVE-2022-30731, CVE-2022-30715, CVE-2022-39857, CVE-2022-24931, CVE-2022-22263, CVE-2022-22264, CVE-2022-20146, CVE-2022-20172, CVE-2025-32321, CVE-2025-8192

Patents

  • Methods, Devices, Systems and Equipment for Vulnerability Detection in Application Installation Packages · CN121479793A · 2026