“I love the low levels and things that intrigue me.”

At only 15 years old, Ruikai “Patrick” Peng has already established himself as a formidable presence in the cybersecurity world. To start, he already has an impressive portfolio of discovered vulnerabilities, resulting in 25 CVEs. He runs a popular blog called retr0.blog that pulls in over 20k monthly readers, a front-page spot on Hacker News, and an appearance on fefe.de—a famous site that shares daily technical bits. To put it lightly, Ruikai is crushing it.

Ruikai specializes in what he calls “the low levels“—the intersection of machine learning (ML) security, binary exploitation, and ML security automation. “I like to refer to it as the ‘low levels,’” Ruikai explains. “I really like that term since it can mean ‘low level’ as in binary exploitation and working with registers or ‘low level’ as in working in basic implementations and the internals of frameworks and applications.”

Ruikai has uncovered remote code execution (RCE) vulnerabilities in major ML frameworks including TensorFlow, Transformers, and Llama.cpp. His work extends beyond ML, including findings in government systems, Google, Microsoft, and Evernote.

Ruikai has also been accepted as a speaker at Black Hat USA, making him the youngest presenter in the Black Hat USA’s history.

Beyond the technical

Behind the impressive technical achievements is a teenager with remarkably diverse interests. Originally from Shanghai and the oldest of three siblings, Ruikai leads a life rich in creative pursuits and physical activities.

Theater holds a special place in his heart. “I do theater! It has always been a secure and open space for me. I debuted as Troy Bolton in High School Musical during a middle school production, and that was a fantastic experience,” he shares.

His technical mindset extends to his hobbies. “I built my own drone by learning how to solder and buying flight controllers (FCs),” he says of his experience as a first-person-view (FPV) pilot. Similarly, his approach to photography demonstrates his typical deep-dive methodology: “Since my mom gave me a little Canon camera when I was seven, I have been in love with photography. During summer breaks when I was younger, I would spend all day in my room figuring out how ISO works internally and looking into different explanations and hour-long videos. I would write a whole page on camera internals and post it to my WeChat Moments.”

Ruikai’s athletic endeavors are equally impressive: “I played varsity soccer for a while back in middle school. I will always remember being on the field with dozens of my friends. We’d play outside in the middle of summer in shirts and our khakis. We would literally be soaking wet after a fair match, and I still remember we’d split an ice-cold bottle of Coke.”

And a fun fact that perfectly encapsulates his blend of technical aptitude and performance skills? “I spent a week building an 8-bit register system in Minecraft, and I can perform Troy Bolton’s ‘Getcha Head in the Game’ with full choreography simultaneously!” he shares.

From middle school websites to ML security

Ruikai’s journey as a hacker began much earlier in his life with a simple exploit on his middle school’s website. “I started getting into technical writing when I was about 11, after I found a simple way to exploit an information leak into a get-shell using an n-day exploit on my middle school’s website. It was kind of a simple exploitation, but it meant so much to me back then,” he says.

This initial success sparked his passion: “I wrote my first writeup about it [first exploit] and posted it on Zhihu, which is sort of like Chinese Reddit + Quora, and it received a little attention. That little attention motivated me a lot.”

His curiosity has remained consistent. “I have always looked but I never really hunted…. The habit of looking a little deeper into the daily tangibles has really led me to some interesting finds,” he says.

In August 2023, Ruikai’s talents were recognized when he became the youngest participant in Tencent‘s T-Spark Talent program, working alongside top college students from prestigious institutions.

“I was the youngest participant of all time—I was 14. Others were around 19–20,” he notes. This experience helped shape his future direction: “I woke up one night and had an epiphany. I pivoted to looking for low-level, sophisticated, and elaborate exploitation vectors that led to understandable, severe consequences—something like Google Project Zero.”

The llama.cpp exploitation

One of Ruikai’s most notable achievements involves Llama.cpp, a foundational component in modern large language model (LLM) inference.

“Llama.cpp is a low-level inference library written in C/C++, and today, virtually every locally deployed LLM builds on it,” Ruikai explains. “It’s written in a low-level way that you can describe as the keystone/fundamentals of modern-day LLM inferencing.”

His research led to the discovery of a critical vulnerability with far-reaching implications: “I turned a heap overflow on Tensor operations to RCE by using Llama.cpp internals (memory layout) and interesting techniques like partial-writing and structure-oriented exploitations. This allows you to fully take over computation RPC nodes and clusters—usually with massive computational resources—via an endpoint.”

The path to this discovery wasn’t straightforward. “At first, with a prior month of research on the internal implementation of the RPC server, I was able to discover a limited heap overflow caused by Tensor miscalculation. However, unique memory structures and implementations of llama.cpp RPC made it extremely difficult to escalate to something meaningful,” Ruikai recalls.

The breakthrough came only after intense effort: “Following 50 straight hours of GDB’ing, the exploitation was finally constructed, after countless setbacks, obstacles, and snags, as well as the paradox of memory state and object reuse. I was able to find the exploitation through a heap maze through nothing but weird behaviors, unpredictable object layouts, a whimsical exploitation approach, and working with what I had.”

The vulnerabilities of AI/ML frameworks

When discussing common vulnerabilities in AI/ML frameworks, Ruikai points to a specific area: “Deserializations (model parsing). These can be pickle state machines, TensorFlow operators, Keras Lambda layers, and SavedModel (this is more as a backdoor).”

He has also developed insights regarding tokens in language models. “Tokens are fun. You can do really cool things with a token without really messing with a model’s weight/hidden internals. Manipulating the tokenizer is the simplest tweak on the tokenizer.json that can cause the most interesting result,” he says.

Regarding AI’s future impact on cybersecurity, Ruikai offers a nuanced perspective: “The fact that critical vulnerabilities in AI/ML frameworks can exist in an ‘old-fashioned’ way highlights that security is about ‘adaptation.’ Novelty is still definitely the key, but similar to the way ML is still optimizing calculus problems but in a more complex, clever, and interesting way, ML security still has a long way to go.”

He predicts there will be a surge in identified issues. “Given the lack of security in AI-enabled programming, you will see a boom in the number of reported vulnerabilities and CVEs. I have seen lots of people pulling off the coolest hacks using the oldest tricks,” he gushes.

Tools of choice

For his work, Ruikai relies heavily on one particular tool. “GDB, the GNU debugger, allows you to see what is going on ‘inside’ another program while it executes—or what another program was doing at the moment it crashed. I love it because it allows precision control over the most low-level components (i.e., having everything under control, seeing each register, and viewing heap allocations during an exact frame), all while providing fantastic community support,” he shares.

He’s also developed automation tools. When asked about using ML automation in attacks, he recommends AutoGDB with Binary Ninja MCP. “Go and try it out!” he urges.

The balance: Hacking, school, and life

Beyond his technical prowess, Ruikai maintains diverse interests across theater, music, sports, and photography. “I love everything. What that means is I am interested in everything and I treat all my pursuits with love and joy,” he says.

He acknowledges it is challenging to balance multiple commitments. “It’s extremely hard, especially between trying to start new things, conducting security research, and paying enough attention to the emotional world while staying on track with the real world and academics. I focus and prioritize, but sometimes, I have to trade one thing for another and think deliberately,” he shares.

For Ruikai, mental health is a priority. “Taking a break is the most essential for avoiding burnout. In this industry, burnout usually comes with imposter syndrome and anxiety. I often feel so behind and like I am not keeping up with the work,” he says.

Lessons for new hackers

Ruikai has some valuable advice for those following in his footsteps: “Simplicity over complexity—eliminate vagueness. Deep understanding of the target framework, architecture, and tech stack is always the number-one priority. Genuine intellectual curiosity is the best workmate for momentum. Aim small to grow, aim big to jump. Focus is extremely important.”

He emphasizes that impactful discoveries often come unexpectedly: “Some of the most badass research I have stumbled upon came about because I randomly glanced at something or had a side thought, but after digging, I realized that behind these findings might be a considerably large amount of knowledge.”

Looking forward

When contemplating his future, Ruikai maintains a flexible outlook guided by clear principles: “I usually follow my passions and let curiosity guide me. This is the most dominant driver of momentum. I believe they’ll take me where I’m meant to go.”

He also looks to those who have made significant impacts. He shares, “I follow the steps of others who pushed for change and impacted the world, and I walk my path knowing the person I want to become.”

Rather than adhering to rigid plans, Ruikai embraces adaptability. “I don’t try to predict where I will be in a few years or more. I would rather go with the flow. I want to keep learning while working with what I have and trying to earn and leverage the best opportunities and decisions for myself,” he says. When asked about his ideal career, he has huge aspirations that he intends to see through: “I’m on a path to start something big, something that I am passionate about (imagine something that’ll change the world).”

With so many remarkable accomplishments already under his belt and a future full of potential, Ruikai Ruikai represents a new generation of security researchers bringing fresh perspectives to cybersecurity. Follow his journey through his blog retr0.blog or find him on X or LinkedIn.