About me
I’m an Associate Professor at the School of Computer Science and Engineering, Beihang University, in Prof. Liu Xianglong’s team. Previously, I was a research fellow at the CCDS, Nanyang Technological University, under the supervision of Prof. Liu Yang. I have been awarded the AISG PhD Fellowship and the DAAD AInet Fellowship, along with third place in the AISG Trusted Media Challenge, receiving a cash prize of 25,000 SGD. I feel fortunate to have the opportunity to work with Tianyu Pang, Chao Du, Qian Liu, and Min Lin at Sea AI Lab.
My goal is to develop self-healing (immunity-inspired) agents in the context of edge intelligence, with the primary aim of ensuring agent security in an automated and continuously evolving manner.
Existing research in this area largely treats AI models/agents as isolated systems, focusing primarily on vulnerabilities inherent to the models/agents themselves while overlooking the role of the underlying infrastructure. In contrast, my research investigates security issues arising from faults in the AI software stack. For example, bugs at this level can lead to unexpected model behavior, such as failure to reduce training loss or degraded robustness during inference. Therefore, my work jointly considers both AI agents and the supporting software stack.
Ultimately, I aim to extend this line of research to enable trustworthy AI systems for satellites and deep-space devices.
My research:
- AI Security: [ACL F 2026], [CVPR F 2026], [TDSC 2025], [ICML 2025], [TIFS 2025], [TOSEM 2025], [USENIX Security 2025], [ICSE 2025], [ICSE 2025], [AAAI 2025], [NeurIPS 2024], [ICLR 2024], [ICLR 2024], [TMM 2024], [AAAI 2024], [TOSEM 2021], [ISCI 2020], [TIP 2020]
- AI Fairness: [FSE 2026], [FSE 2025], [ICSE 2025], [ICSE 2024], [TOSEM 2023], [ICML 2023], [IJCAI 2023], [ISSTA 2023]
- Interpretability and Its Applications: [TOSEM 2025], [ICLR 2025], [TCAD 2024], [ICML 2024], [AAAI 2024], [ICLR 2020]
- Trustworthy Code Intelligence: [ACL 2026], [ICSE NIER 2026], [TOSEM 2025], [ICSE NIER 2025], [ASE 2024], [Coling 2024], [ASE 2023]
News
April 2026: Our paper “OptiCo: Adaptive Distributed Training Optimization via Collaborative Agent Reasoning” is accepted by ACL 2026.
April 2026: Our paper “Uncovering Strategic Egoism Behaviors in Large Language Models” is accepted by ACL Findings 2026.
April 2026: Our paper “Fairness Testing of Large Language Models in Role-Playing” is accepted by FSE 2026.
Mar 2026: Our paper “Verify Claimed Text-to-Image Models via Boundary-Aware Prompt Optimization” is accepted by CVPR Findings 2026.
Dec 2025: Our paper “A survey on physical adversarial attacks against face recognition systems” is accepted by Neurocomputing.
Dec 2025: Our paper “Unveiling the Potential of Diffusion Large Language Models in Software Engineering Tasks: An Empirical Study” is accepted by ICSE 2026 NIER.
Nov 2025: We won the championship in the NTU 2025 Staff 3x3 Basketball Tournament and the championship in the 2025 Zhejiang Lab Basketball Event.
Oct 2025: Our paper “Foolsdedit: Deceptively steering your edits towards targeted attribute-aware distribution” is accepted by TDSC 2025.
June 2025: I have been awarded the Chinese Government Award for Outstanding Self-Financed Students.
May 2025: Our paper “Defending LVLMs Against Vision Attacks through Partial-Perception Supervision” is accepted by ICML 2025.
April 2025: I have been selected as one of the best reviewers for AISTATS 2025.
April 2025: Our paper “Software Fairness Dilemma: Is Bias Mitigation a Zero-Sum Game?” is accepted by FSE 2025.
Mar 2025: Our paper “Compromising embodied agents with contextual backdoor attacks” is accepted by TIFS 2025.
Mar 2025: Our paper “NeuSemSlice: Towards Effective DNN Model Maintenance via Neuron-level Semantic Slicing” is accepted by TOSEM 2025.
Mar 2025: Our paper “JailGuard: A Universal Detection Framework for Prompt-based Attacks on LLM Systems” is accepted by TOSEM 2025.
Jan 2025: Our paper “Dormant: Defending against Pose-driven Human Image Animation” is accepted by USENIX Security 2025.
Jan 2025: Our paper “Speculative Coreset Selection for Task-Specific Fine-tuning” is accepted by ICLR 2025.
Jan 2025: Our paper “Understanding the Effectiveness of Coverage Criteria for Large Language Models: A Special Angle from Jailbreak Attacks” is accepted by ICSE 2025.
Jan 2025: Our paper “Dissecting Global Search: A Simple yet Effective Method to Boost Individual Discrimination Testing and Repair” is accepted by ICSE 2025.
Jan 2025: Our paper, “Perception-Guided Jailbreak Against Text-to-Image Models,” has been selected for an oral presentation at AAAI 2025.
Jan 2025: Our paper “Teaching Code LLMs to Use Autocompletion Tools in Repository-Level Code Generation” is accepted by TOSEM 2025.
Dec 2024: Our paper “Towards Trustworthy LLMs for Code: A Data-Centric Synergistic Auditing Framework” is accepted by ICSE 2025 NIER track.
Dec 2024: Our paper “Perception-guided jailbreak against text-to-image models” is accepted by AAAI 2025.
Nov 2024: I have been selected as one of the top reviewers for NeurIPS 2024 (1304/15160, 8.6%).
Nov 2024: We won the championship in the NTU 2024 Staff 3x3 Basketball Tournament and achieved 1st runner-up in the 2024 Sports Challenge Basketball Event.
Oct 2024: Our paper “BDefects4NN: A Backdoor Defect Database for Controlled Localization Studies in Neural Networks” is accepted by ICSE 2025. Congrats to Yisong!
Sept 2024: Our paper “SampDetox: Black-box Backdoor Defense via Perturbation-based Sample Detoxification” is accepted by NeurIPS 2024.
Aug 2024: Our paper “VulAdvisor: Natural Language Suggestion Generation for Software Vulnerability Repair” is accepted by ASE 2024.
July 2024: Our paper “CaBaFL: Asynchronous Federated Learning via Hierarchical Cache and Feature Balance” is accepted by EMSOFT 2024 and TCAD.
May 2024: Our paper “Improving Neural Logic Machines via Failure Reflection” is accepted by ICML 2024. Congrats to Zhiming!
April 2024: I received the DAAD AInet Fellowship.
Feb 2024: Our paper “Unveiling project-specific bias in neural code models” is accepted by COLING 2024.
Feb 2024: Our paper “BadEdit: Backdooring Large Language Models by Model Editing” is accepted by ICLR 2024.
Feb 2024: Our paper “IRAD: Implicit Representation-driven Image Resampling against Adversarial Attacks” is accepted by ICLR 2024.
Dec 2023: Our paper “FedMut: Generalized Federated Learning via Stochastic Mutation” is accepted by AAAI 2024 (oral).
Dec 2023: Our paper “Personalization as a Shortcut for Few-Shot Backdoor Attack against Text-to-Image Diffusion Model” is accepted by AAAI 2024.
