Shenao Wang

Shenao Wang

What's Past Is Prologue ✨


😀 About Me

Hi, there! I am Shenao Wang (王申奥). I am currently pursuing my Ph.D. at Huazhong University of Science and Technology (HUST), supervised by Prof. Haoyu Wang, working with folks at Security PRIDE Research Group (Security, Privacy, and Dependability in Emerging Software Systems). Previously, I received my B.Eng. degree at Xidian University, under supervision of Prof. Hui Li in June 2023.

I am interested in the intersection of security, program analysis, and AI systems. Specifically, I focus on developing impactful, real-world solutions for detecting and defending against vulnerabilities in a wide range of systems, including Open-Source Software Supply Chains, Cross-Platform Endpoints, and Agentic Systems.

  • OSS Security: NPM/PyPI Code Poisoning (ASE’23, ASE’24)
  • Endpoint Security: Ransomware (CCS’24), MiniApp Security (ASE’23, ASE’25) & Privacy (SaTS’23, TOSEM’25)
  • Agentic Security: LLM Supply Chain (ASE’24, TOSEM’25), Agentic Software (ICSE’26), LLM Infra (ASE’25, ICSE’26)

If you would like to reach me, please send an email to shenaowang AT hust.edu.cn

🎉 News

  • 10/2025: Two papers working on LLM Infra Security were accepted by ICSE 2026!

  • 08/2025: Our paper working on Cookie Sharing in MiniApps was accepted by ASE’25!

  • 12/2024: Our paper working on MiniApp privacy was accepted by TOSEM!

  • 11/2024: Two papers working on LLM Apps and Supply Chain were accepted by TOSEM 2030 SE Roadmap!

  • 11/2024: We won the third prize in Software Research Prototype System Competition of ChinaSoft 2024.

  • 08/2024: Two papers working on OSS/LLM supply chain security were accepted by ASE 2024 (Industry Showcase)!

  • 07/2024: Our paper on ransomware detection in industrial environments was accepted by CCS 2024. See you in Salt Lake City!

  • 12/2023: We won the third prize in Software Research Prototype System Competition of ChinaSoft 2023.

  • 08/2023: Our paper on malicious npm/pypi package detection was accepted by ASE 2023 (Industry Challenge Track).

  • 07/2023: Our paper on WeChat AppSecret Leaks was accepted by ASE 2023.

  • 06/2023: I received my B.Eng. degree at Xidian University. :)

  • 05/2023: I was invited to give a presentation at the first Cyber Security Innovation Forum in Wuhan.

  • 09/2022: I became a member of SECURITY PRIDE Research Group.

📝 Selected Publications

(* Equal Contribution)

Preprint

  • [arXiv] SoK: Understanding Vulnerabilities in the Large Language Model Supply Chain PDF
    Shenao Wang, Yanjie Zhao, Zhao Liu, Quanchen Zou, Haoyu Wang

  • [arXiv] Understanding Large Language Model Supply Chain: Structure, Domain, and Vulnerabilities PDF
    Yanzhe Hu*, Shenao Wang*, Tianyuan Nie, Yanjie Zhao, Haoyu Wang

  • [arXiv] Toward Understanding Bugs in Vector Database Management Systems PDF
    Yinlin Xie, Xinyi Hou, Yanjie Zhao, Shenao Wang, Kai Chen, Haoyu Wang

  • [arXiv] Model Context Protocol (MCP): Landscape, Security Threats, and Future Research Directions PDF
    Xinyi Hou, Yanjie Zhao, Shenao Wang, Haoyu Wang

Conference

  • [ICSE'26] VDBFuzz: Understanding and Detecting Crash Bugs in Vector Database Management Systems PDF Repo
    Shenao Wang*, Zhao Liu*, Yanjie Zhao, Quanchen Zou, Haoyu Wang.
    The 48th IEEE/ACM International Conference on Software Engineering (ICSE'26)
  • [ICSE'26] TaintP2X: Detecting Taint-Style Prompt-to-Anything Injection Vulnerabilities in LLM-Integrated Applications PDF Repo
    Junjie He*, Shenao Wang*, Yanjie Zhao, Xinyi Hou, Zhao Liu, Quanchen Zou, Haoyu Wang.
    The 48th IEEE/ACM International Conference on Software Engineering (ICSE'26)
  • [ASE'25] Demystifying Cookie Sharing Risks in WebView-based Mobile App-in-app Ecosystems PDF
    Miao Zhang*, Shenao Wang*, Guilin Zheng, Yanjie Zhao, Haoyu Wang.
    The 40th IEEE/ACM International Conference on Automated Software Engineering (ASE'25)
  • [Internetware'25] Seeing is (Not) Believing: The Mirage Card Attack Targeting Online Social Networks PDF
    Wangchenlu Huang*, Shenao Wang*, Yanjie Zhao, Guosheng Xu, Haoyu Wang.
    Proceedings of the 15th Asia-Pacific Symposium on Internetware
  • [CCS'24] CanCal: Towards Real-time and Lightweight Ransomware Detection and Response in Industrial Environments PDF
    Shenao Wang*, Feng Dong*, Hangfeng Yang, Jingheng Xu, and Haoyu Wang.
    The 2024 ACM SIGSAC Conference on Computer and Communications Security (CCS'24)
  • [ASE'24-Ind] Models Are Codes: Towards Measuring Malicious Code Poisoning Attacks on Pre-trained Model Hubs
    PDF Repo
    Jian Zhao*, Shenao Wang*, Yanjie Zhao, Xinyi Hou, Kailong Wang, Peiming Gao, Yuanchao Zhang, Chen Wei, Haoyu Wang.
    The 39th IEEE/ACM International Conference on Automated Software Engineering (ASE'24), Industry Showcase
More
  • [ASE'25-Ind] A Characterization Study of Bugs in LLM Agent Workflow Orchestration Frameworks PDF
    Zilou Xue, Yanjie Zhao, Shenao Wang, Kai Chen, Haoyu Wang.
    The 40th IEEE/ACM International Conference on Automated Software Engineering (ASE'25), Industry Showcase
  • [Internetware'25] Exploring Typo Squatting Threats in the Hugging Face Ecosystem PDF
    Ningyuan Li, Yanjie Zhao, Shenao Wang, Zehao Wu, Haoyu Wang.
    Proceedings of the 15th Asia-Pacific Symposium on Internetware
  • [Internetware'25] GPT Store Mining and Analysis PDF
    Dongxun Su, Yanjie Zhao, Xinyi Hou, Shenao Wang, Haoyu Wang.
    Proceedings of the 15th Asia-Pacific Symposium on Internetware
  • [ASE'24-Ind] Towards Robust Detection of Open Source Software Supply Chain Poisoning Attacks in Industry Environments PDF Repo
    Xinyi Zheng, Chen Wei, Shenao Wang, Yanjie Zhao, Peiming Gao, Yuanchao Zhang, Kailong Wang, Haoyu Wang.
    The 39th IEEE/ACM International Conference on Automated Software Engineering (ASE'24), Industry Showcase
  • [ASE'24-NIER] GPTZoo: A Large-scale Dataset of GPTs for the Research Community PDF Repo
    Xinyi Hou, Yanjie Zhao, Shenao Wang, Haoyu Wang.
    The 39th IEEE/ACM International Conference on Automated Software Engineering (ASE'24), NIER Track
  • [ASE'23-Ind] MalWuKong: Towards Fast, Accurate, and Multilingual Detection of Malicious Code Poisoning in OSS Supply Chains PDF Repo
    Ningke Li, Shenao Wang, Mingxi Feng, Kailong Wang, Meizhen Wang, Haoyu Wang.
    The 38th IEEE/ACM International Conference on Automated Software Engineering (ASE'23), Industry Challenge Track
  • [ASE'23] WeMinT: Tainting Sensitive Data Leaks in WeChat Mini-Programs PDF Repo
    Shi Meng, Liu Wang, Shenao Wang, Kailong Wang, Xusheng Xiao, Guangdong Bai, Haoyu Wang.
    The 38th IEEE/ACM International Conference on Automated Software Engineering (ASE'23)

Journal

  • [TOSEM'25] MiniScope: Automated UI Exploration and Privacy Inconsistency Detection of MiniApps via Two-phase Iterative Hybrid Analysis PDF Repo
    Shenao Wang, Yuekang Li, Kailong Wang, Yi Liu, Hui Li, Yang Liu, Haoyu Wang.
    ACM Transactions on Software Engineering and Methodology (TOSEM)
    Also accepted by FSE 2025 Journal First Track
  • [TOSEM'25] Large Language Model Supply Chain: A Research Agenda PDF Repo
    Shenao Wang, Yanjie Zhao, Xinyi Hou, Haoyu Wang.
    ACM Transactions on Software Engineering and Methodology (TOSEM), Special Issue: 2030 Software Engineering Roadmap
More
  • [TOSEM'25] Large Language Models for Cyber Security: A Systematic Literature Review PDF
    Hanxiang Xu, Shenao Wang, Ningke Li, Kailong Wang, Yanjie Zhao, Kai Chen, Ting Yu, Yang Liu, Haoyu Wang.
    ACM Transactions on Software Engineering and Methodology (TOSEM)
  • [TOSEM'25] LLM App Store Analysis: A Vision and Roadmap PDF
    Yanjie Zhao, Xinyi Hou, Shenao Wang, Haoyu Wang.
    ACM Transactions on Software Engineering and Methodology (TOSEM), Special Issue: 2030 Software Engineering Roadmap

Workshop

  • [SE 2030] Towards Reliable Vector Database Management Systems: A Software Testing Roadmap for 2030 PDF
    Shenao Wang, Yanjie Zhao, Yinglin Xie, Zhao Liu, Xinyi Hou, Quanchen Zou, Haoyu Wang.
    ACM 2030 Roadmap for Software Engineering, co-located with FSE
  • [SaTS'23] On the Usage-scenario-based Data Minimization in Mini Programs PDF
    Shenao Wang, Yanjie Zhao, Kailong Wang, Haoyu Wang.
    The 2023 ACM Workshop on Secure and Trustworthy Superapps (SaTS), co-located with CCS

🔗 Service

Reviewer

  • 2025: TDSC, TOSEM, TOPS, EMSE

Sub Reviewer

  • 2026: USENIX Security, WWW
  • 2025: S&P, FSE, ISSTA, ASE, NSDI, AsiaCCS, PoPETs, IWQoS
  • 2024: CCS, FSE, ISSTA, WWW, IMC, Internetware, MSR, EASE, MobileSoft, SaTS, MobiLLM, LCTES

Publicity & Web Chair

  • LLMSC Workshop @ISSTA 2025

👾 Experience

Education

  • 09/2019 - 06/2023, B.Eng., Xidian University, Xi’an, China.
  • 09/2023 - 06/2025, M.S. Candidate, Huazhong University of Science and Technology, Wuhan, China.
  • 09/2025 - until now, Ph.D Candidate, Huazhong University of Science and Technology, Wuhan, China.

Intern

  • 01/2024 - 02/2024, Research Intern, Ant Group (MYbank), Hangzhou, China.
  • 09/2024 - 09/2025, Research Intern, Jinyinhu Lab, Wuhan, China.
  • 08/2025 - until now, Research Intern (Static Analysis, working on YASA and xAST), Ant Group, Chengdu, China.

🏆 Honors & Awards

Awards

  • 2024 - Third Prize, Prototype Competition in ChinaSoft’24 [Reference]
  • 2023 - Bronze Award, National Innovation Competition [Reference]
  • 2023 - Third Prize, Prototype Competition in ChinaSoft’23 [Reference]
  • 2022 - First Prize, National Digital Forensics Competition (19/764) [Reference]
  • 2022 - First Prize & Most Valuable Award, National College Student Information Security Contest (2/728) [Reference]
  • 2022 - Meritorious Winner, MCM/ICM (Problem A) [Reference]
  • 2021 - First Prize, National Cryptographic Competition (16/121) [Reference]
  • 2021 - First Prize, CUMCM in Shannxi Province [Reference]

Honors

  • 2025 - National Scholarship, Ministry of Education of P.R. China
  • 2025 - SIGSOFT CAPS AWARD FSE/ISSTA 2025
  • 2024 - National Scholarship, Ministry of Education of P.R. China [Reference]
  • 2024 - Merit Student, Huazhong University of Science and Technology [Reference]
  • 2023 - Outstanding Graduate of Shaanxi Province [Reference]
  • 2023 - Outstanding Bachelor Thesis, Xidian University [Reference]
  • 2022 - President Scholarship, Xidian University (5 undergraduates among 5300+) [Reference]
  • 2022 - National Scholarship, Ministry of Education of P.R. China (Top 1%) [Reference]
  • 2022 - Xiaomi Special Scholarship (5 undergraduates among 5300+)
  • 2021 - Excellent Student Cadre, Xidian University
  • 2021 - National Encouragement Scholarship, Ministry of Education of P.R. China
  • 2020 - Pacemaker to Merit Student, Xidian University
  • 2020 - Special Scholarship, Xidian University (Top 1%)

🌟 Grants

  • Detection of Supply Chain Poisoning
    Cybersecurity College Student Innovation Funding Program
    Funded by CSAC and DiDi, 2025.8-until now

  • Multilingual Program Analysis
    Cybersecurity College Student Innovation Funding Program
    Funded by CSAC and AntGroup, 2024.7-2025.4

  • Permission Abuse Detection in Android/iOS Apps
    Cybersecurity College Student Innovation Funding Program (Excellent Project [6/240])
    Funded by CSAC and NIO, 2022.7-2023.11

© Copyright 2025 Shenao Wang. Last Updated: 24 Dec 2025