Synthesizing Code and Chords: UMD Doctoral Student Benchmarks AI in Software Security

Published April 21, 2026

Whether he’s arranging a melodic progressive house track or developing rigorous security benchmarks to test AI-generated code, Chihao (Steven) Shen is driven by a desire to turn abstract concepts into tangible results.

A first-year computer science doctoral student at the University of Maryland, Shen focuses on software engineering and security. His research benchmarks artificial intelligence agents on their ability to write secure code and effectively patch vulnerabilities.

He’s also an amateur music producer who creates melodic progressive house music—a genre he describes as graceful and relaxing, reminiscent of ocean breezes and beaches. His interest in music production began in high school in China, where the curriculum emphasized music-making in every class. Since then, he has developed his skills through video tutorials and synthesizer manuals, creating tracks driven purely by personal interest.

Shen says his academic work and passion for music production share an underlying connection in process.

“You first come up with an idea, and then you try to use any kind of method to achieve it,” he says.

Shen adds that both disciplines have taught him that anything is possible.

“If you’re interested in a field and want to make a difference, you put yourself in that field, immerse yourself in what is already out there, and just do it,” he says.

In academia, Shen applies this mindset to questions at the intersection of AI and computer security. He is advised by Yizheng Chen, an assistant professor of computer science with an appointment in the University of Maryland Institute for Advanced Computer Studies (UMIACS) and a core member of the Maryland Cybersecurity Center (MC2). Shen chose to work with Chen after meeting her during an exchange program at the University of Chicago. Under her supervision, his research evaluates how well large language models (LLMs) handle software vulnerabilities.

Recently, Shen has been developing a comprehensive benchmark to evaluate how safely AI can complete code in large-scale, real-world software repositories. He presented this research in April in Rio de Janeiro at the LLM4Code workshop, co-located with the IEEE/ACM International Conference on Software Engineering (ICSE). The goal of the project is to determine whether AI models account for security protocols or simply generate functional code while leaving systems vulnerable.

“The key challenge here is that security bugs are deeply contextual,” Shen explains. “It is usually not enough to reason about only surface-level syntax—you need to consider repository-level context, program semantics and realistic testing conditions.”

Beyond benchmarking, Shen is also exploring ways to combine LLMs with traditional bug-hunting methods. He is the second author of a paper that was accepted to the main ICSE conference, which integrates AI with directed fuzzing—an automated testing method used to feed systems random data to uncover hidden vulnerabilities. Because traditional fuzzers often struggle with speed, this project uses AI to generate “intermediate predicates” that act as milestones, guiding the testing software to focus computational effort on paths likely to reach a target vulnerability, significantly improving efficiency.

Shen was initially drawn to computer security because of the tangible sense of achievement it offers. As AI agents increasingly assist developers with everyday coding tasks, he notes that his work is critical to reducing false positives and ensuring that AI-generated code is genuinely secure.

“There’s a sense of accomplishment in taking something abstract, like program behaviors or software system logic, and turning it into concrete results,” Shen says. “Whether we find a vulnerability, improve a testing method using AI tools or build a more reliable evaluation framework, we are creating something that makes a practical difference to both academia and the tech industry.”

—Story by Diya Sharma, UMIACS communications group