Zheng Yu (于峥)

News

• [2026.03] pPatch is accepted to ACM FSE 2026!

• [2026.03] I joined DepthFirst as a Security Research Engineer! I am excited to work with the talented team.

• [2026.03] I passed the PhD defense at Northwestern University! Thanks to my committee members: Prof. Xinyu Xing, Prof. Peter Dinda, Prof. Yan Chen, Prof. Kexin Pei. Here is my slides and thesis.

• [2025.11] I got 🥈 Runner-up in Technical Impact Award of CSAW Applied Research Competition (ARC) 2025!

• [2025.11] I was invited to be a PC member for LLM4Code 2026, which is co-located with ICSE 2026!

• [2025.10] I passed the PhD proposal exam at Northwestern University! Thanks to my committee members: Prof. Xinyu Xing, Prof. Peter Dinda, Prof. Yan Chen and Prof. Kexin Pei. Here is my slides.

• [2025.10] PatchAgent is accepted to CSAW Applied Research Competition (ARC) 2025 as Finalist!

• [2025.09] PortGPT is accepted to IEEE S&P 2026!

• [2025.08] Our team, 42-b3yond-6ug, won rank 6 at AIxCC Finals!

• [2025.06] Awarded Student Grant from USENIX Security 2025!

• [2025.01] PatchAgent is accepted to USENIX Security 2025!

• [2024.12] I got the Master of Science degree in Computer Science from Northwestern University!

• [2024.10] I passed the PhD qualifying exam at Northwestern University! Thanks to my committee members: Prof. Xinyu Xing, Prof. Peter Dinda, and Prof. Yan Chen. Here is my slides.

• [2024.09] Awarded Student Grant from ACM CCS 2024!

• [2024.08] Our team, 42-b3yond-6ug, won the AIxCC Semi-Finals and was awarded $2 million. I had the honor of designing the program repair system for the competition.

• [2024.07] Awarded Student Grant from USENIX Security 2024!

• [2024.06] LLM-Fuzzer is accepted to USENIX Security 2024!

• [2024.05] ShadowBound is accepted to USENIX Security 2024!

• [2024.02] Our team, 42-b3yond-6ug, received funding of $1 million from AIxCC.

• [2023.09] CAMP is accepted to USENIX Security 2024!

Publications

• Patch Validation in Automated Vulnerability Repair [Paper] [arXiv] [Code]

  Zheng Yu, Wenxuan Shi, Xinqian Sun, Zheyun Feng, Meng Xu, Xinyu Xing
  arXiv 2603.06858

• pPatch: Automated Vulnerability Unpatching [Paper]

  Tianyi Jing, Pengyu Ding, Meng Xu, Yinhao Hu, Zheng Yu, Dongliang Mu
  ACM International Conference on the Foundations of Software Engineering (FSE) 2026

• PortGPT: Towards Automated Backporting Using Large Language Models [Paper] [Code]

  Zheng Yu*, Zhaoyang Li*, Jingyi Song, Meng Xu, Yuxuan Luo, Dongliang Mu
  IEEE Symposium on Security and Privacy (S&P) 2026
  Generated Patches Have Been Merged into Linux 6.1.

• PatchAgent: A Practical Program Repair Agent Mimicking Human Expertise [Paper] [Slides] [Code - 100+ Stars] [USENIX Poster] [CSAW Poster]

  Zheng Yu, Ziyi Guo, Yuhang Wu, Jiahao Yu, Meng Xu, Dongliang Mu, Yan Chen, Xinyu Xing
  USENIX Security Symposium 2025 (Long Presentation)
  DARPA AIxCC Finalist / CSAW 25 ARC Runner-up / Generated Patches Have Been Used in Production.

• ShadowBound: Efficient Heap Memory Protection Through Advanced Metadata Management and Customized Compiler Optimization [Paper] [Code - 20+ Stars] [Slides]

  Zheng Yu, Ganxiang Yang, Xinyu Xing
  USENIX Security Symposium 2024

• LLM-Fuzzer: Scaling Assessment of Large Language Model Jailbreaks [Paper] [Code - 500+ Stars] [Slides]

  Jiahao Yu, Xingwei Lin, Zheng Yu, Xinyu Xing
  USENIX Security Symposium 2024
  Geekcon 2023 Annual Breakthrough Awards / Integrated into Microsoft Azure PyRIT

• CAMP: Compiler and Allocator-based Heap Memory Protection [Paper] [Code - 40+ Stars] [Slides]

  Zhenpeng Lin, Zheng Yu, Ziyi Guo, Simone Campanoni, Peter Dinda, Xinyu Xing
  USENIX Security Symposium 2024

• FIRST: Exploiting the Multi-Dimensional Attributes of Functions for Power-Aware Serverless Computing [Paper]

  Lu Zhang, Chao Li, Xinkai Wang, Weiqi Feng, Zheng Yu, Quan Chen, Jingwen Leng, Minyi Guo, Pu Yang, Shang Yue
  IEEE International Parallel & Distributed Processing Symposium (IPDPS) 2023

Talks

• Reversing MCU with Firmware Emulation [Code]

  BlackHat Europe 2022, London, UK

Work & Teaching Experience

• DepthFirst Mar. 2026 – Present

  Security Research Engineer San Francisco, CA, USA

  AI Security Team
  • Working on LLM-based agents for automated vulnerability discovery in web applications (frontend & backend, high-level languages).
  • Contributing to automated discovery for low-level systems (C/C++), covering memory corruption and logic vulnerabilities.
  • Involved in building end-to-end automated penetration testing workflows.

• CertiK Jan. 2026 – Mar. 2026

  Security Researcher New York, NY, USA

  Smart Contract Security Team

• Northwestern University Sep. 2025 – Dec. 2025

  Teaching Assistant Evanston, IL, USA

  Operating Systems (COMP_SCI 343), Instructor: Dr. Branden Ghena

• University of Waterloo Jun. 2025 – Sep. 2025

  Visiting Graduate Researcher Waterloo, Ontario, Canada

  CrySP Lab, Advisor: Prof. Meng Xu

• Northwestern University Sep. 2024 – Dec. 2024

  Teaching Assistant Evanston, IL, USA

  Introduction to Computer Security (COMP_SCI 350), Instructor: Prof. Xinyu Xing

• Google Summer of Code Apr. 2022 – Oct. 2022

  GSOC Project Mentor Remote

  Bridging Qiling and Static Analysis

• JD.COM, Inc. Jun. 2021 – May 2022

  Security Engineer Beijing, China

  Application Security Team - Firmware Emulation

• Shanghai Jiao Tong University Sep. 2019 – May 2021

  Infrastructure Engineer Shanghai, China

  Information and Network Center

• Shanghai Jiao Tong University Jun. 2019 – Sep. 2019

  Teaching Assistant Shanghai, China

  Programming Design and Data Structures (CS151), Instructor: Prof. Huiyu Weng

Honors & Awards

• CSAW Applied Research Competition Finalist & Technical Impact Award Runner-up 2025

  NYU Tandon School of Engineering - PatchAgent Project

• USENIX Security Student Grant Recipient 2024, 2025

  USENIX Association

• DARPA AIxCC Advanced Finals 2024

  Top Finalist - Team 42-b3yond-6ug

• ACM CCS Student Grant Recipient 2024

  ACM SIGSAC Conference on Computer and Communications Security

• DEFCON CTF Finals - 5th Place 2023

  Team StrawHat (7th Place in 2022)

• Outstanding Graduate Award 2022

  Shanghai Jiao Tong University

• Zhiyuan Honor Scholarship 2018-2021

  Shanghai Jiao Tong University (Top 2% annually)

• China National Olympiad in Informatics - Silver Medal 2017

  China Computer Federation (CCF) - Top 100 Nationally

Media Coverage

• How researchers instruct AI to automatically backport security patches - FreeBuf
• PortGPT: AI Backport Security Patches Automatically - Help Net Security
• Paper Share | PatchAgent - SECGEEK
• Paper Share | PatchAgent - COMPASS Lab
• Paper Share | PatchAgent - HUSTSCOPELab
• Safeguarding Critical Software Infrastructure through Novel AI Systems - Northwestern University
• 42-b3yond-6ug team winning $2 million in DARPA's AixCC - University of Waterloo
• Advancing Compiler Technology - Northwestern University
• Exploiting Security Vulnerabilities - Northwestern University
• Paper Share | GPTFuzzer - SECGEEK
• Paper Share | ShadowBound - GoSSIP Security Group
• Paper Share | CAMP - COMPASS Lab
• Paper Share | ShadowBound - COMPASS Lab
• Paper Share | PatchAgent - GoSSIP Security Group

Academic Services

• Program Committee Member: LLM4Code 2026, ICLR 2026, NeurIPS 2025, ICML 2025, ICLR 2025, AISTATS 2025, AAAI-UC 2025, NeurIPS 2024, ICECI 2024
• Artifact Evaluation Committee Member: CCS 2025, NDSS 2025, USENIX Security 2025, ATC 2024, OSDI 2024, ISSTA 2024, USENIX Security 2024, CCS 2024, CCS 2023
• Journal Reviewer: IEEE TDSC, PeerJ CS, IEEE TIFS