Zijie Zhao

GitHub zzjas zzjas98 LinkedIn zijie-zhao Google Scholar Scholar

About me

I am Zijie Zhao, a third year PhD student in the PL/FM/SE group at University of Illinois Urbana-Champaign advised by Lingming Zhang.

I'm most interested in LLM agents for automated vulnerability discovery, drawing on techniques from software engineering and programming languages. I have a particular passion for uncovering bugs in large-scale, foundational systems such as operating system kernels, web browsers, compilers, and virtual machines.

I obtained my bachelor's and master's degree in Computer Science at University of California San Diego.

Publication

AnyPoC: Universal Proof-of-Concept Test Generation for Scalable LLM-Based Bug Detection

Zijie Zhao, Chenyuan Yang, Weidong Wang, Yihan Yang, Ziqi Zhang, Lingming Zhang

arXiv 2026

KNighter: Transforming Static Analysis with LLM-Synthesized Checkers

Chenyuan Yang, Zijie Zhao, Zichen Xie, Haoyu Li, Lingming Zhang

SOSP 2025

Kernelgpt: Enhanced kernel fuzzing via large language models

Chenyuan Yang, Zijie Zhao, Lingming Zhang

ASPLOS 2025

WaVe: a verifiably secure WebAssembly sandboxing runtime

Evan Johnson, Evan Laufer, Zijie Zhao, Shravan Narayan, Stefan Savage, Deian Stefan, Fraser Brown

IEEE S&P 2023 🏆 Distinguished Paper Award

Industry Experience

AptosLabs

May - Aug 2024, Feb - Aug 2025

Graduate Intern

Built a source code level fuzzer MoveSmith for the Aptos Move Compiler and VM stack.
MoveSmith is able to generate complex Move programs with high valid rate by respecting rules for language features like ability constraints, lifetime, and ownership.
To date, MoveSmith has found 50+ bugs in both the compiler and the VM.
Implemented an LLM-based Move program generator to automatically generate diverse tests for new language features.

AppFolio

June - Sept 2019

Software Engineer Intern

Used React.js, MobX.js, and Bootstrap to build complex web-based financial applications.
Maintained existing server-rendered applications built by Ruby on Rails.
Reduced page loading time from 18s to 2s and data saving time from 100s to 15s.
Optimized over 2400 SQL queries into 600 queries.

Teaching Experience

UIUC CS 527: Topics in Software Engineering
UIUC CS 427: Software Engineering I
UCSD CSE 127: Intro to Computer Security
UCSD CSE 21: Mathematics for Algorithms and Systems
UCSD CSE 12: Basic Data Structures and OOD
UCSD CSE 11: Introduction to Java

Selected Bugs

A selection of bugs that my work found:

Firefox
- CVE-2020-26960 (received $1,000 bug bounty)
Linux kernel
- CVE-2024-23851, CVE-2023-52429, CVE-2024-23848, CVE-2024-23850, CVE-2024-25739, CVE-2024-23849, CVE-2024-25740, CVE-2024-26655, CVE-2024-25741, CVE-2024-43825, CVE-2024-50103
Aptos Move
- Nested borrow, Operand order, Compile V1 Bugs, Mutable Borrow Comparison, Type Inference for abort, Bytecode Verifier Erros(MOVELOC_UNAVAILABLE_ERROR, STLOC_UNSAFE_TO_DESTROY_ERROR, COPYLOC_EXISTS_BORROW_ERROR)