About Me
I’m Muxi Lyu, a 1st-year Ph.D. student in Computer Science at UC Berkeley, advised by Prof. David Wagner and Prof. Koushik Sen. I am affiliated with the Berkeley Artificial Intelligence Research (BAIR) Lab and the Sky Computing Lab.
My research interests lie at the intersection of AI Security and AI for Security, spanning web and software security, program analysis, and AI-driven vulnerability detection. Recently, I have been focusing on:
- Secure Web Agents: Designing intelligent web-browsing agents resilient to attacks such as prompt injection, malicious content manipulation, and unsafe action execution.
- Secure Code Generation: Leveraging large language models (LLMs) to synthesize code that meets functional requirements while avoiding security vulnerabilities.
- AI for Software Testing: Applying AI techniques to enhance fuzzing, vulnerability detection, and automated test generation for large-scale software systems.
My long-term goal is to create AI-empowered security techniques that proactively detect vulnerabilities and reinforce defenses against exploitation — ensuring stronger protection of users’ data, privacy, and digital trust.
I completed my M.S.E. in Computer Science (Fall 2024) and my B.S. in Computer Science with a second major in Applied Mathematics and Statistics (Spring 2024) at Johns Hopkins University. Throughout my time at Hopkins, I’ve been deeply grateful to be advised by Prof. Yinzhi Cao, whose mentorship has shaped and sparked my passion for security research.
Publications
Follow My Flow: Unveiling Client-Side Prototype Pollution Gadgets from One Million Real-World Websites [paper]
Zifeng Kang, Muxi Lyu, Zhengyu Liu, Jianjia Yu, Runqi Fan, Song Li, Yinzhi Cao
In the Proceedings of the IEEE Symposium on Security and Privacy (Oakland), 2025.
- 🏆 Distinguished Paper Award
- Our evaluation revealed 133 zero-day gadgets not found by prior work. Notably, one was found in Meta’s software (acknowledged with a bug bounty), and another in the Vue framework, resulting in CVE-2024-6783. Additionally, GALA identified 23 websites where prototype pollution vulnerabilities — previously deemed inconsequential — led to real consequences through the discovered gadgets.
The First Large-Scale Systematic Study of Python Class Pollution Vulnerability
Zhengyu Liu, Jiacheng Zhong, Jianjia Yu, Muxi Lyu, Zifeng Kang, and Yinzhi Cao
To appear in the Proceedings of the IEEE Symposium on Security and Privacy (Oakland), 2026.
Teaching & Mentorship
Course Assistant
- Compilers and Interpreters, Fall 2024
- Operating Systems, Spring 2024
- Intermediate Programming (C, C++), Fall 2022
Teaching Assistant
- Probability, Fall 2022
Mentorship Roles
- JHU ACM Peer Mentor
- JHU Women in Computer Science (WiCS) Peer Mentor
Honors & Awards
Distinguished Paper Award, IEEE S&P (Oakland), 2025
Honorable Mention in the NSF GRFP competition, 2025
Michael J. Muuss Research Award, 2024
$3,000 award by the JHU Computer Science Department
Finalist – DARPA AI Cyber Challenge (AIxCC), with Team 42-b3yond-6ug, 2024
$2,000,000 team award
Graduation with Honors in Computer Science, 2024
Dean’s List, Fall 2021 – Spring 2024
Miscellaneous
- My name is Muxi (沐曦), pronounced moo-shee, which means standing under the first beam of sunshine in the morning.
- While I’m mostly introverted, I love collaborating and building with others. I served as Co-Director of HopHacks, leading JHU’s 36-hour hackathon for 300+ participants, and as Vice President of CSSA, where I managed the tech team and helped organize orientation events for over 1,000 new students.
- I enjoy working on interesting projects that improve daily life. I co-founded GooseCart, a venture developed through the PavaCenter Summer Incubator Program at JHU. Other projects include a Campus Hiring System (with JHU COLLAB), a Campus Marketplace (with JHU CSSA), and an Alumni Hub (with JHU CSSA).
- I love cooking and baking — often as a midnight stress reliever. One of my long-time New Year’s resolutions has been to start a culinary channel… let’s see when I finally do it!