Yang Zhang

attack arXiv Mar 1, 2026 · 11w ago

Turning Black Box into White Box: Dataset Distillation Leaks

Huajie Chen, Tianqing Zhu, Yuchen Zhong et al. · City University of Macau · CISPA Helmholtz Center for Information Security +2 more

Reveals that dataset distillation leaks training data via three-stage attack: architecture inference, membership inference, and model inversion

Model Inversion Attack Membership Inference Attack vision

PDF

defense arXiv Apr 17, 2026 · 4w ago

Pruning Unsafe Tickets: A Resource-Efficient Framework for Safer and More Robust LLMs

Wai Man Si, Mingjie Li, Michael Backes et al. · CISPA Helmholtz Center for Information Security

Prunes model parameters responsible for unsafe LLM outputs, reducing harmful generations and jailbreak success with minimal utility loss

Prompt Injection nlpmultimodal

PDF

attack arXiv Mar 1, 2026 · 11w ago

Hide&Seek: Remove Image Watermarks with Negligible Cost via Pixel-wise Reconstruction

Huajie Chen, Tianqing Zhu, Hailin Yang et al. · City University of Macau · CISPA Helmholtz Center for Information Security +1 more

Pixel-wise reconstruction attack removes AI-image watermarks without querying detectors or knowing the watermarking scheme

Output Integrity Attack visiongenerative

PDF

benchmark arXiv Mar 12, 2026 · 10w ago

Understanding LLM Behavior When Encountering User-Supplied Harmful Content in Harmless Tasks

Junjie Chu, Yiting Qu, Ye Leng et al. · CISPA Helmholtz Center for Information Security · Delft University of Technology

Benchmarks LLM safety alignment failures when harmful content is embedded in benign tasks like translation, revealing a content-level ethical blind spot

Prompt Injection nlp

PDF

benchmark arXiv Apr 17, 2026 · 4w ago

TwoHamsters: Benchmarking Multi-Concept Compositional Unsafety in Text-to-Image Models

Chaoshuo Zhang, Yibo Liang, Mengke Tian et al. · Xi’an Jiaotong University · CISPA Helmholtz Center for Information Security

Benchmark evaluating compositional safety vulnerabilities in text-to-image models when benign concepts combine to create unsafe outputs

Input Manipulation Attack visiongenerative

PDF

benchmark arXiv Apr 9, 2026 · 6w ago

The Art of (Mis)alignment: How Fine-Tuning Methods Effectively Misalign and Realign LLMs in Post-Training

Rui Zhang, Hongwei Li, Yun Shen et al. · University of Electronic Science and Technology of China · Flexera +2 more

Evaluates six fine-tuning methods for both misaligning safety-aligned LLMs and realigning them, revealing asymmetric attack-defense dynamics

Transfer Learning Attack Prompt Injection Training Data Poisoning nlp

PDF Code

benchmark arXiv Aug 28, 2025 · Aug 2025

JADES: A Universal Framework for Jailbreak Assessment via Decompositional Scoring

Junjie Chu, Mingjie Li, Ziqing Yang et al. · CISPA Helmholtz Center for Information Security · Xi’an Jiaotong University

Benchmark framework using decompositional scoring to evaluate LLM jailbreak success, achieving 98.5% human agreement and exposing attack overestimation