About Me

I’m Muxi Lyu, a security research assistant at Johns Hopkins University, where I completed my M.S.E. in Computer Science (Fall 2024) and my B.S. in Computer Science with a second major in Applied Mathematics and Statistics (Spring 2024). Throughout my time at Hopkins, I’ve been deeply grateful to be advised by Prof. Yinzhi Cao, whose mentorship has shaped and sparked my passion for security research.

In Fall 2025, I’ll begin my Ph.D. in Computer Science at UC Berkeley.

My research lies at the intersection of web and software security, program analysis, and AI for security. I’m particularly interested in hybrid approaches that combine the precision of static and dynamic analysis with the predictive power of large language models (LLMs). My goal is to develop AI-empowered security techniques that detect vulnerabilities before an attack occurs and strengthen defenses against exploitation — ensuring stronger protection of users’ data, privacy, and digital trust.

Beyond academic research, I was fortunate to join Team 42-b3yond-6ug in the DARPA AIxCC competition, where we advanced to the final round (Top 7) and were awarded $2 million in August 2025.

Publications

Follow My Flow: Unveiling Client-Side Prototype Pollution Gadgets from One Million Real-World Websites [paper]

Zifeng Kang, Muxi Lyu, Zhengyu Liu, Jianjia Yu, Runqi Fan, Song Li, Yinzhi Cao
To appear at IEEE Symposium on Security and Privacy (S&P Oakland), 2025

• Our evaluation revealed 133 zero-day gadgets not found by prior work. Notably, one was found in Meta’s software (acknowledged with a bug bounty), and another in the Vue framework, resulting in CVE-2024-6783. Additionally, GALA identified 23 websites where prototype pollution vulnerabilities — previously deemed inconsequential — led to real consequences through the discovered gadgets.
  
  

Teaching & Mentorship

Course Assistant

• Compilers and Interpreters, Fall 2024
• Operating Systems, Spring 2024
• Intermediate Programming (C, C++), Fall 2022

Teaching Assistant

• Probability, Fall 2022

Mentorship Roles

• JHU ACM Peer Mentor
• JHU Women in Computer Science (WiCS) Peer Mentor
  
  

Honors & Awards

• Honorable Mention in the NSF GRFP competition, 2025

• Michael J. Muuss Research Award, 2024
  $3,000 awarded by the JHU Computer Science Department

• Graduation with Honors in Computer Science, 2024

• Dean’s List, Fall 2021 – Spring 2024
  
  

Miscellaneous

• My name is Muxi (沐曦), pronounced moo-shee, which means standing under the first beam of sunshine in the morning.
• While I’m mostly introverted, I love collaborating and building with others. I served as Co-Director of HopHacks, leading JHU’s 36-hour hackathon for 300+ participants, and as Vice President of CSSA, where I managed the tech team and helped organize orientation events for over 1,000 new students.
• I enjoy working on interesting projects that improve daily life. I co-founded GooseCart, a venture developed through the PavaCenter Summer Incubator Program at JHU. Other projects include a Campus Hiring System (with JHU COLLAB), a Campus Marketplace (with JHU CSSA), and an Alumni Hub (with JHU CSSA).
• I love cooking and baking — often as a midnight stress reliever. One of my long-time New Year’s resolutions has been to start a culinary channel… let’s see when I finally do it!