Hongwei Li(李洪伟)

Ph.D. Student at UC Santa Barbara

AI for Security (AI4Sec) Researcher

About Me

I am a Ph.D. student at the University of California, Santa Barbara, working under the supervision of Dr. Wenbo Guo. I am a member of Shellphish, a renowned cybersecurity research group, and a core member of the ARTIPHISHELL team that competed in the DARPA AI Cyber Challenge (AIxCC).

Education

University of California, Santa Barbara
Ph.D. in Computer Science

2024 - Present

Current
Purdue University
Ph.D. in Computer Science (First Year)

September 2023 - May 2024

Completed
Shanghai Jiao Tong University
Master of Engineering in Electronic Information

September 2020 - June 2023

Completed
Shanghai Jiao Tong University
Bachelor of Arts in French & Bachelor of Engineering in Information Engineering

September 2016 - June 2020

Completed

Research Interests

AI for Security (AI4Sec)

Developing AI-driven approaches to improve cybersecurity effectiveness.

Reinforcement Learning for Fuzzing

Using reinforcement learning to assist collaborative fuzzing techniques.

LLMs for Automatic Patching

Leveraging large language models to automatically generate and apply security patches.

Software Security

Vulnerability detection, analysis, and remediation techniques.

Awards

DARPA AIxCC Finalist (Top 7)

Core member of the ARTIPHISHELL team that advanced to the finals of the DARPA AI Cyber Challenge (AIxCC). Team won $2 million in semifinal competition.

My Role & Contributions:

During the early stages, I served as a core member of the patching team, focusing on automated vulnerability patching. As the competition progressed to the final phase, my responsibilities expanded to include custom model fine-tuning for vulnerability detection, contributing to the development of the root cause analysis engine kumu-shi, and supporting the maintenance of our patching tool named PatcherY.

Read More Washington Post Coverage
First Place in SBFT 2024 Fuzzing Competition

BandFuzz won the SBFT 2024 Fuzzing Competition, which uses mutation testing as the ranking metric. Our framework achieved the best performance across all evaluation metrics among all competing teams, including the highest number of mutant kills, the highest average mutation score, and the highest coverage of mutants.

Competition Summary
SBFT 2024 First Place Certificate

Click image to view full size

Selected Publications

Co-PatcheR: Collaborative Software Patching with Component(s)-specific Small Reasoning Models

arXiv 2025

A collaborative patching system with small and specialized reasoning models for individual components, achieving 46% resolved rate on SWE-bench-Verified with only 3 x 14B models.

Y Tang, H Li, K Zhu, M Yang, Y Ding, W Guo

View Paper
PatchPilot: A Cost-Efficient Software Engineering Agent with Early Attempts on Formal Verification

ICML 2025

A novel approach to automated software patching using AI agents with formal verification capabilities.

H Li, Y Tang, S Wang, W Guo

View Paper
BandFuzz: A Practical Framework for Collaborative Fuzzing with Reinforcement Learning

ICSE/SBFT 2024 (Workshop Paper)

A practical framework that leverages reinforcement learning to improve collaborative fuzzing effectiveness.

W Shi, H Li, J Yu, W Guo, X Xing

Workshop Paper (SBFT) Long Paper (arXiv)
Progent: Programmable privilege control for LLM agents

arXiv 2025

The first privilege control mechanism for LLM agents, providing fine-grained constraints over tool calls to ensure security while preserving utility.

T Shi, J He, Z Wang, L Wu, H Li, W Guo, D Song

View Paper
FS-IDS: A framework for intrusion detection based on few-shot learning

Computers & Security 2022

A framework for intrusion detection based on few-shot learning techniques.

J Yang, H Li, S Shao, F Zou, Y Wu

View Paper