About

I am Senior Director and Chief Security Researcher at JD.com Group, with a focus on building large-scale security, risk control, and AI-driven defense capabilities. I founded Xiezhi Security Lab (also known as Dawn Security Lab) and now also lead advertising and marketing risk control initiatives, covering advanced security research, advertising anti-fraud, threat intelligence, strategic security infrastructure, and AI for security.

I am also working on OpenCyvis, an open-source AI phone built as an auditable and user-controlled alternative to black-box commercial AI phones. OpenCyvis keeps both the agent stack and model choice open: developers can inspect the code, choose their own AI model, run local models, and control where their data goes. The project connects my interests in mobile security, AI agents, automation, and controllable AI-native systems.

Previously, I led Pinduoduo's security team and built its security infrastructure from the ground up. Before that, I was at the Keen Security Lab of Tencent, focusing on cutting-edge vulnerability research and mobile security. I am the winner of Pwn2Own 2016, Mobile Pwn2Own 2016 and 2017, having successfully pwned the newest macOS and Android systems and earning the Master of Pwn title.

My research has been presented at Black Hat, DEF CON, and CanSecWest. I am a multiple-time Pwn2Own champion and the recipient of the 2022 Pwnie Award for Best Privilege Escalation Bug. I have been credited by Google, Samsung, Apple, and Huawei for discovering hundreds of critical CVEs, and have published at ACM ISSTA, USENIX, and other leading venues. I am a committee member and judge of the international hacking competition GeekPwn, and a member of the China Computer Federation.

Mobile Security Vulnerability Research Android / iOS IoT Security Software Supply Chain Ad Fraud / Anti-cheat AI Security Fuzzing CISSP

Publications & Talks

  1. Unveiling Mac Security: A Comprehensive Exploration of Sandboxing and AppData TCC. Black Hat USA, Las Vegas. 2024. BH USA
  2. Uncovering and Mitigating the Impact of Code Obfuscation on Dataset Annotation with Antivirus Engines. ISSTA 2024, Vienna. 2024. CCF-A
  3. PMDET: A new fuzzing-based detection tool for Android Parcel Mismatch bugs. SANER 2024, Finland. 2024. CCF-B
  4. Detecting Novel Malware Classes with a Foundational Multi-Modality Data Analysis Model. Data Intelligence. 2024.
  5. PMDET: A new fuzzing-based detection tool for Android Parcel Mismatch bugs. Black Hat Asia, Singapore. 2024. BH Asia
  6. RIDE: Efficient Highly-Precise Systematic Automatic Bug Hunting in Android Systems. Black Hat USA, Las Vegas. 2022. BH USA
  7. Mystique in the House: The Droid Vulnerability Chain that Owns All Your Applications. CanSecWest, Vancouver. 2022.
  8. The Hidden RCE Surfaces That Control the Droids. Black Hat Asia, Singapore. 2022. BH Asia
  9. La La Land: Theory and Practice on Large-Scale Static Bug Hunting for Android Systems. MOSEC, Shanghai. 2022.
  10. DroidCorn: A Practical New Framework for Blackbox Android Binary Fuzzing. MOSEC, Shanghai. 2020.
  11. Pwning the Nexus of Every Pixel. CanSecWest, Vancouver. 2017.
  12. Subverting Apple Graphics: Practical Approaches to Remotely Gaining Root. Black Hat USA, Las Vegas. 2016. BH USA
  13. Escaping the Sandbox by Not Breaking it. DEF CON, Las Vegas. 2016. DEF CON
  14. Don't trust your eyes — Apple Graphics is compromised! CanSecWest, Vancouver. 2016.
  15. Hey Your Parcel Looks Bad — Fuzzing and Exploiting Parcel-ization Vulnerabilities in Android. Black Hat Asia, Singapore. 2016. BH Asia
  16. Shooting the OSX El Capitan Kernel Like a Sniper. REcon, Montreal. 2016.
  17. Hacking Phones from 2013 to 2016. Seoul, Korea. 2016.
  18. Vulnerabilities in the third-party SDKs of Android applications. HITCON, Taipei. 2015.

Honors & Awards

  • Pwnie Award — Best Privilege Escalation, Black Hat USA, Las Vegas. 2022.
  • Pwn2Own Champion & Master of Pwn, Tokyo and Vancouver. 2016, 2017.
  • Pwnie Award Nominee, Black Hat USA, Las Vegas. 2017.
  • JD Group Black Horse Competition — 1st Prize. 2025.
  • JD Group CCO Highest Special Award. 2024.
  • Google Security Hall of Fame — Top 10 in Android Category.
  • Samsung Security Hall of Fame — Ranked #6 (2021, 2022).
  • Huawei Security Hall of Fame — Ranked #3 (2020).

Professional Service

  • Competition Judge, GeekPwn & GeekCon (international top security competition)
  • Member, China Computer Federation (CCF)
  • Executive Committee Member, CCF Technical Committee on Security and Privacy (网络与系统安全专业委员会)
  • Cyber Security Committee Member, Beijing 2022 Winter Olympics

Education

  • Zhejiang University — B.Eng. in Computer Science and Technology
  • Hong Kong University of Science and Technology — Visiting Scholar, Department of Software Engineering. Advisor: Prof. Shing Chi Cheung.

Selected Coverage

CVE Research

Credited by Google, Apple, Samsung, Huawei, Oppo, and others for discovering hundreds of critical vulnerabilities across Android, iOS, macOS, Chrome, and major vendor ecosystems.

CVE-2015-3854, CVE-2015-3855, CVE-2015-3856, CVE-2015-6612, CVE-2015-6620, CVE-2015-6622, CVE-2016-0811, CVE-2016-3832, CVE-2016-6705, CVE-2016-8395, CVE-2016-8399, CVE-2016-6768, CVE-2016-6788, CVE-2016-8395, CVE-2017-0325, CVE-2017-0337, CVE-2017-0382, CVE-2017-0427, CVE-2017-0476, CVE-2017-0544, CVE-2017-13246, CVE-2017-0861, CVE-2017-0866, CVE-2017-13167, CVE-2017-13324, CVE-2017-15868, CVE-2017-2692, CVE-2017-2693, CVE-2016-5197, CVE-2016-1815, CVE-2016-1860, CVE-2016-4697, CVE-2016-7714, CVE-2016-7624, CVE-2016-7625, CVE-2016-7620, CVE-2017-2416, CVE-2018-9143, CVE-2018-9139, CVE-2018-9140, CVE-2018-9142, CVE-2018-9141, CVE-2018-10500, CVE-2018-10497, CVE-2018-10499, CVE-2018-10498, CVE-2019-14783, CVE-2019-16253, CVE-2019-16509, CVE-2019-17628, CVE-2021-0515, CVE-2021-0691, CVE-2021-39734, CVE-2021-25492, CVE-2021-25493, CVE-2021-25494, CVE-2021-25495, CVE-2021-25496, CVE-2021-25497, CVE-2021-25498, CVE-2021-25418, CVE-2021-25510, CVE-2021-25511, CVE-2021-25485, CVE-2021-25450, CVE-2021-23243, CVE-2021-0691, CVE-2021-0515, CVE-2021-0393, CVE-2022-33704, CVE-2022-33703, CVE-2022-39862, CVE-2022-28791, CVE-2022-30743, CVE-2022-36857, CVE-2022-30731, CVE-2022-30715, CVE-2022-39857, CVE-2022-24931, CVE-2022-22263, CVE-2022-22264, CVE-2022-20146, CVE-2022-20172, CVE-2025-32321, CVE-2025-8192