Hongbo Wen

I am a Ph.D. candidate in Computer Science at UC Santa Barbara, advised by Yu Feng and working closely with Dahlia Malkhi and Yanju Chen. Before UCSB, I received my B.Eng. from Tsinghua University.

I develop program analysis and synthesis techniques to secure complex software systems, with applications in LLM agent security, cryptography & zero-knowledge proofs, and AI-augmented vulnerability discovery. My work has been funded by Ethereum Foundation and conducted in collaboration with Google Security and a16z crypto.

Email  /  Google Scholar  /  GitHub  /  CV

profile photo

Publications

* Equal Contribution

arXiv 2026 LLM Agent Security
VIGIL: Runtime Enforcement of Behavioral Specifications in AI Agent Skills
Ying Li, Yanju Chen, Hongbo Wen, Bosi Zhang, Hanzhi Liu, Peiran Wang, Yu Feng, Yuan Tian
pdf
arXiv 2026 LLM Agent Security
No Attack Required: Semantic Fuzzing for Specification Violations in Agent Skills
Ying Li, Hongbo Wen, Yanju Chen, Hanzhi Liu, Yuan Tian, Yu Feng
pdf
arXiv 2026 LLM Agent Security
SEMIA: Auditing Agent Skills via Constraint-Guided Representation Synthesis
Hongbo Wen, Ying Li, Hanzhi Liu, Chaofan Shou, Yanju Chen, Yuan Tian, Yu Feng
pdf
arXiv 2026 AI-Augmented Vuln Discovery
Synthesizing Multi-Agent Harnesses for Vulnerability Discovery
Hanzhi Liu, Chaofan Shou, Xiaonan Liu, Hongbo Wen, Yanju Chen, Ryan Jingyang Fang, Yu Feng
pdf
arXiv 2026 LLM Agent Security
Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain
Hanzhi Liu, Chaofan Shou, Hongbo Wen, Yanju Chen, Ryan Jingyang Fang, Yu Feng
pdf
OOPSLA'25 Crypto & ZKP
Tabby: A Synthesis-Aided Compiler for High-Performance Zero-Knowledge Proof Circuits
Junrui Liu, Jiaxin Song, Yanning Chen, Hanzhi Liu, Hongbo Wen, Luke Pearson, Yanju Chen, Yu Feng
pdf
IACR ePrint 2025 Crypto & ZKP
Thunderbolt: Fast Asynchronous Off-Chain Bitcoin Transfers
Hongbo Wen, Hanzhi Liu, Yanju Chen, Jingyu Ke, Dahlia Malkhi, Yu Feng
pdf
ACM CCS'24 AI-Augmented Vuln Discovery
FORAY: Towards Effective Attack Synthesis against Deep Logical Vulnerabilities in DeFi Protocols
Hongbo Wen, Hanzhi Liu, Jiaxin Song, Yanju Chen, Wenbo Guo, Yu Feng
pdf / bib / code
USENIX Security'24 Crypto & ZKP
Practical Security Analysis of Zero-Knowledge Proof Circuits
Hongbo Wen, Jon Stephens, Yanju Chen, Kostas Ferles, Shankara Pailoor, Kyle Charbonnet, Isil Dillig, Yu Feng
pdf / bib / code

Zero-Day Discoveries

LLM Agents Filed 50+ zero-day security advisories on OpenClaw/ClawHub agent skills, covering credential leakage, RCE, PII exfiltration, and indirect prompt injection (e.g., clawhub#1911).
DeFi Discovered 10 zero-day vulnerabilities on BNB Chain DeFi protocols using FORAY, with verified exploit traces matching ≥$21M in historical loss patterns (e.g., Discover).
ZK Circuits Discovered zero-day vulnerabilities in widely-used Circom projects using ZKAP, including 0xPARC, Polygon-ZK, Axiom, iden3, and privacy-ethereum (e.g., circom-pairing).

Invited Talks

Feb 2026 Tabby: A Synthesis-Aided Compiler for High-Performance Zero-Knowledge Proof Circuits SoCalPLS, USC, Los Angeles, CA
Feb 2025 Tabby: Automated Programming of Efficient Zero-Knowledge Proof Circuits ETHDenver, Denver, CO
Feb 2025 Practical Security Analysis of Zero-Knowledge Proof Circuits SoCalPLS, UCSD, San Diego, CA
Oct 2024 FORAY: Towards Effective Attack Synthesis against Deep Logical Vulnerabilities in DeFi Protocols ACM CCS '24, Salt Lake City, UT
Aug 2024 Practical Security Analysis of Zero-Knowledge Proof Circuits USENIX Security '24, Philadelphia, PA

Grants & Awards

2024 Ethereum Foundation Academic Grant, Cybersecurity and Privacy Track
Topic: Sentinel — Adaptive Counter-Attack Synthesis for Mitigating Onchain Exploits
Yu Feng, Hanzhi Liu, Hongbo Wen
2023 Ethereum Foundation Academic Grant, Formal Verification Track
Topic: Financial Model-Driven Attack Synthesis for DeFi
Yu Feng, Yanju Chen, Hongbo Wen
This grant led to the development of FORAY (ACM CCS'24).
2022 Academic Excellence Fellowship, UC Santa Barbara

Experience

2024 – Present Co-founder & Principal Architect, Riema Labs
Led a 50-person engineering team through an AI-first development transformation, shipping cross-chain bridges, Bitcoin-native ZK infrastructure, and user-custody wallet systems serving 150K+ users.
2022 R&D Engineer, Veridise Inc.
Smart contract and zero-knowledge proof security. Discovered 30+ critical vulnerabilities in widely-used ZK projects.

Service

2025 USENIX Security '25 Artifact Evaluation Committee
2023 – 2025 Teaching Assistant, CS162 Programming Languages, UC Santa Barbara

Design inspired by Jon Barron