my photo

Haein Lee

Integrated MS/PhD Student in KAIST Hacking Lab

Hi! I'm an integrated MS/PhD student in the KAIST Hacking Lab. My hacking journey began in 2022 when I was admitted to the graduate program, and I was immediately captivated by the field. This fascination deepened as I discovered a bug in the Chromium browser and developed n-day exploit.

Since the rise of large language models, I've been particularly interested in applying AI to security tasks. From 2023 to 2025, I was part of Team Atlanta in the AIxCC competition, where I developed a patching agent. Currently, my primary focus remains on AI-driven security research.

Contact me

Education

KAIST

Integrated MS/PhD in Electrical Engineering, KAIST Hacking Lab • 2022 — Present

KAIST

B.S. in Electrical Engineering & Computer Science • 2017 — 2022

Publications

  • ATLANTIS: AI-driven Threat Localization, Analysis, and Triage Intelligence System
    Taesoo Kim, HyungSeok Han, Soyeon Park, Dae R. Jeong, Dohyeok Kim, Dongkwan Kim, Eunsoo Kim, Jiho Kim, Joshua Wang, Kangsu Kim, Sangwoo Ji, Woosun Song, Hanqing Zhao, Andrew Chin, Gyejin Lee, Kevin Stevens, Mansour Alharthi, Yizhuo Zhai, Cen Zhang, Joonun Jang, Yeongjin Jang, Ammar Askar, Dongju Kim, Fabian Fleischer, Jeongin Cho, Junsik Kim, Kyungjoon Ko, Insu Yun, Sangdon Park, Dowoo Baik, Haein Lee, Hyeon Heo, Minjae Gwon, Minjae Lee, Minwoo Baek, Seunggi Min, Wonyoung Kim, Yonghwi Jin, Younggi Park, Yunjae Choi, Jinho Jung, Gwanhyun Lee, Junyoung Jang, Kyuheon Kim, Yeonghyeon Cha, Youngjoon Kim
    arXiv, 2025.

Awards

  • 1st place in the DARPA's AIxCC as a member of Team Atlanta, 2025 (award $4M)
  • Google V8CTF M118 submission, 2023 (award $10K)

Bug Reports

  • CVE-2026-27114 Infinite loop in NanaZip ROMFS parser
  • CVE-2026-27014 Stack overflow in NanaZip ROMFS parser
  • CVE-2026-26282 Heap out-of-bounds read in NanaZip .NET Single File parser
  • CVE-2026-26269 Stack buffer overflow in Vim NetBeans integration
  • CVE-2026-26054 Heap out-of-bounds read in SumatraPDF MOBI header parser
  • CVE-2026-25920 Heap out-of-bounds read in SumatraPDF MOBI decompressor
  • CVE-2026-25961 Improper certificate validation in SumatraPDF update mechanism
  • CVE-2025-40275 NULL pointer dereference in Linux kernel ALSA USB-audio
  • CVE-2023-0696 Type confusion in V8 (reward $7K)

Talks

  • From the Vulnerability to the Victory: A Chrome Renderer 1-Day Exploit’s Journey to v8CTF Glory, TyphoonCon 2024, Seoul, South Korea, May, 2024.

Additional Links

Social Links

  • Github: https://github.com/haaeein/haaeein.github.io
  • Website: http://haaeein.github.io