Xiaokui Shu


Xiaokui Shu




Senior Research Scientist


IBM Research - Yorktown Heights Yorktown Heights, NY USA


Dr. Xiaokui Shu is a Senior Research Scientist at IBM Research and the Chair of Technical Steering Committee at Open Cybersecurity Alliance. He is inventing the future of cyber defense as interviewed with ACM (The Pursuit of Speed in Cybersecurity) and talked at ACSAC (Unleashing Cyber Reasoning). Dr. Shu leads the cyber reasoning initiative at IBM Research, designing, prototyping, and delivering AI-enabled cyber defense solutions to IBM and the community. He is the co-founder of project Kestrel, building composable and reusable cyber threat hunts for unleashed productivity and fun.

Kestrel Blue Team Lab | Black Hat 2022 Session Recording

From creating penetration tests in college to leading the design of the next-generation Security Operation Center (SOC) in the DARPA Transparent Computing program, Dr. Shu has been studying different aspects of modern cyber threats and a variety of defenses with or without human in the loop. He wins the first prize in Virginia Tech Inaugural Cyber Security Summit Competition; Communications of the ACM features his anomaly detection approach; the IEEE Signal Processing Society identifies his data leak detection work among the 25 most downloaded papers in 2018; and ACM highlights his vision on composable graph-based cyber reasoning in the ACM press release. Dr. Shu is an active speaker at major security conferences such as RSA, BlackHat, and SANS. He serves on program committee and technical steering committee of conferences and organizations such as ACSAC and OCA, and he is the Technical Editor for the book Cyber Threat Hunting.

Research interests: cyber threat hunting, generative AI, graph analytics, reinforcement learning.







Building reusable, composable, and shareable huntflows across different data sources and threat intel.

Blog posts

Top collaborators

Jiyong Jang

Jiyong Jang

Principal Research Scientist & Manager, AI Supply Chain Security