About Me

I'm currently a third-year PhD student at CMU ECE, where I have the privilege to work with Prof. Matt Fredrikson. I also work closely with Prof. Corina S. Pasareanu.

I have previously interned at Gray Swan, Microsoft Copilot, AWS Agentic AI Lab, ByteDance Seed, and Sea AI Lab. I was glad to work with Yu Hu, Dhananjay Ram, Lu Jiang, and Tianyu Pang.

Previously, I was a master's student at Institute of Automation, Chinese Academy of Sciences, working with Prof. Liang Wang and Prof. Yan Huang.
Before this, I received my bachelor's degree from University of Chinese Academy of Sciences (UCAS). I also had a good time at the EECS, University of California, Berkeley.

I'm fascinated in robustness / attacks / defenses in LLM/MLLM/Gen models.

Research

Check the full publication list at [Google Scholar]

LLM / Agent performance

AgentArk: Distilling Multi-Agent Intelligence into a Single LLM Agent
Yinyi Luo, Yiqiao Jin, Weichen Yu, Mengqi Zhang, Srijan Kumar, Xiaoxiao Li, Weijie Xu, Xin Chen, Jindong Wang.

[paper] [code]

TL;DR: Distill a group of agents knowledge into a single agent.

The Vision Wormhole: Latent-Space Communication in Heterogeneous Multi-Agent Systems
Xiaoze Liu, Ruowang Zhang, Weichen Yu , Siheng Xiong, Liu He, Feijie Wu, Hoin Jung, Matt Fredrikson, Xiaoqian Wang, Jing Gao

[paper] [code]

TL;DR: Hetero-agents communication in latent space.

Multi-Rollout On-Policy Distillation via Peer Successes and Failures
Weichen Yu, Xiaomin Li, Yizhou Zhao, Xiaoze Liu, Ruowang Zhang, Haixin Wang, Yinyi Luo, Chen Henry Wu, Gaurav Mittal, Matt Fredrikson, Yu Hu.

RLxF @ ICML 2026 [paper] [code]

TL;DR: Multi-rollout on-policy distillation that uses peer successes and failures for stronger teacher signals.

LLM Generated Code Security

SecCodePRM: A Process Reward Model for Code Security
Weichen Yu, Ravi Mangal, Yinyi Luo, Kai Hu, Jingxuan He, Corina S Pasareanu, Matt Fredrikson.

ICML 2026 [paper] | [code]

TL;DR: A security-oriented process reward model for code generation.

A Mixture of Linear Corrections Generates Secure Code.
Weichen Yu, Ravi Mangal, Terry Zhuo, Matt Fredrikson, Corina S Pasareanu.

ResponsibleFM @ NeurIPS 2025 [paper] [code]

TL;DR: Using a bank of steering vectors to generate secure code.

PrivCode: When Code Generation Meets Differential Privacy
Zheng Liu, Chen Gong, Terry Yue Zhuo, Kecen Li, Weichen Yu, Matt Fredrikson, Tianhao Wang.

NDSS 2026 [paper] [code]

TL;DR: Differentially private code generation with theoretical guarantees for protecting sensitive code.

LLM / Agent Jailbreak

Infecting LLM Agents via Generalizable Adversarial Attack
Weichen Yu, Kai Hu, Tianyu Pang, Chao Du, Min Lin, Matt Fredrikson.

COLM 2025 | RedTeaming @ NeurIPS 2024 (Oral) [paper]

TL;DR : With one intervention, let one malicious LLM agent compromise a group of malicious LLM agents.

Efficient LLM Jailbreak via Adaptive Dense-to-sparse Constrained Optimization
Kai Hu*, Weichen Yu*, Tianjun Yao, Xiang Li, Wenhe Liu, Lijun Yu, Yining Li, Kai Chen, Zhiqiang Shen, Matt Fredrikson
NeurIPS 2024 (Poster)

[paper] [code]

TL;DR: White-box optimization based LLM jailbreak, which converges faster using dense-to-sparse projection.

Other LLM / VLM Safety

Debiasing Multimodal Large Language Models via Penalization of Language Priors
YiFan Zhang, Yang Shi, Weichen Yu, Qingsong Wen, Xue Wang, Wenjing Yang, Zhang Zhang, Liang Wang, Rong Jin.

MM 2025 [paper]

TL;DR: Training-free debiasing methods that reduce MLLM reliance on language priors and redirect generation toward visual evidence.

Steal the Patch Size: Adversarially Manipulate Vision Language Models
Kai Hu, Akash Bharadwaj, Weichen Yu, Matt Fredrikson.

ICML 2026 [paper]

TL;DR: Adversarially manipulate vision-language models through patch-size behavior.
The Trojan in the Vocabulary: Stealthy Sabotage of LLM Composition.
Xiaoze Liu, Weichen Yu, Matt Fredrikson, Xiaoqian Wang, Jing Gao.

[paper]

TL;DR: In model merging, when doing tokenizer transplant, we can inject "breaker tokens" into the merged model while preserving the original model.

SafeRBench: A Comprehensive Benchmark for Safety Assessment in Large Reasoning Models
Xin Gao, Shaohan Yu, Zerui Chen, Yueming Lyu, Weichen Yu, Guanghao Li, Jiyao Liu, Jianxiong Gao, Jian Liang, Ziwei Liu, Chenyang Si

[paper]

TL;DR: Benchmark for reasoning LLM safety.

Omni-Attack: Adversarial Attacks on Open-Ended VQA in Black-Box Multimodal LLMs
Kai Hu, Weichen Yu, Li Zhang, Alexander Robey, Andy Zou, Chengming Xu, Haoqi Hu, Matt Fredrikson

CVPR 2026 [paper] [code]

TL;DR: Black-box adversarial attacks on vision-language models, successfully breaks GPT, Claude, etc.

Is Certifying l_p Robustness Still Worthwhile?
Ravi Mangal, Klas Leino, Zifan Wang, Kai Hu, Weichen Yu, Corina Pasareanu, Anupam Datta, Matt Fredrikson.

Position Paper [paper]

TL;DR: Revisits the practical value and assumptions behind certifying norm-bounded robustness.

Bag of Tricks for Training Data Extraction from Language Models.
Weichen Yu, Tianyu Pang, Qian Liu, Chao Du, Bingyi Kang, Yan Huang, Min Lin, Shuicheng Yan.

ICML 2023 | [paper] [code]

TL;DR: Extract training data from language models.

Computer Vision: Robustness

Is Your Text-to-Image Model Robust to Caption Noise?
Weichen Yu, Ziyan Yang, Shanchuan Lin, Qi Zhao, Jianyi Wang, Liangke Gui, Matt Fredrikson, Lu Jiang.

CVPR 2026 Findings | AI4C @ CVPR 2026 (Oral) [paper]

TL;DR: Address the noise (hallucination) in VLM generated captions when training text-to-image models.

Generalized Inter-class Loss for Gait Recognition.
Weichen Yu, Hongyuan Yu, Yan Huang, Liang Wang.
ACM Multimedia (MM), 2022 (Poster).

[paper] [code]

TL;DR: Loss design for shaping a more robust embedding space for gait recognition.

CNTN: Cyclic Noise-Tolerant Network.
Weichen Yu, Hongyuan Yu, Yan Huang, Chunshui Cao, Liang Wang.

[paper]

TL;DR: Algorithm design for video recognition in the presence of noise.

Deconfounded Noisy Labels Learning.
Weichen Yu, Hongyuan Yu, Yan Huang, Jianghao Zhang, Qiang Liu, Liang Wang.

[paper]

TL;DR: Causal learning for noisy label learning.

Computer Vision: Performance

ATM: Enhanced Alignment for Text-to-Motion Generation
Ke Han, Yueming Lyu, Weichen Yu, Nicu Sebe.

WACV 2026 | [paper] [code]

TL;DR: A semantics-aware alignment framework for correcting text-motion misalignment in text-to-motion generation.

GOOD: Training-Free Guided Diffusion Sampling for Out-of-Distribution Detection
Xin Gao, Jiyao Liu, Guanghao Li, Yueming Lyu, Jianxiong Gao, Weichen Yu, Ningsheng Xu, Liang Wang, Caifeng Shan, Ziwei Liu, Chenyang Si.

NeurIPS, 2025 | [paper]

TL;DR: Use off-the-shelf in-distribution (ID) classifier to guide diffusion sampling trajectories towards OOD regions.

Sample-Aware RandAugment
Anqi Xiao, Weichen Yu, Hongyuan Yu.

International Journal of Computer Vision (IJCV), 2025 | [paper]

TL;DR: An effecitve data augmentation method for automaticaly finding the best data augmentation policies for each sample.

Time Series Forecasting

Regularized Graph Structure Learning with Semantic Knowledge for Multi-variates Time-Series Forecasting.
Hongyuan Yu*, Ting Li *, Weichen Yu*, Jianguo Li, Yan Huang, Liang Wang, Alex Liu.
International Joint Conference on Artificial Intelligence (IJCAI), 2022. (Oral)

[paper] [code]

TL;DR: Graph and Recurrent neural network based model for multi-variates time-series forecasting.

Competition

1st Learning and Mining with Noisy Labels Challenge, IJCAI-ECAI 2022.
runner-up of task 1-1 and 2nd runner-up of task 1-2. [details]
TL;DR:
Weichen Yu, Hongyuan Yu, Yan Huang, Dong An, Keji He, Zhipeng Zhang, Xiuchuan Li, Liang Wang

REVERIE Challenge 2022.
runner-up of channel 2. [details]
TL;DR:
Dong An, Yifeng Su, Shuanglin Sima, Hongyuan Yu, Weichen Yu, Yan Huang

Training Data Extraction Challenge
runner-up. Invited to give a talk in SaTML. [details]
TL;DR:
Weichen Yu, Tianyu Pang, Qian Liu, Chao Du, Bingyi Kang, Yan Huang, Min Lin, Shuicheng Yan.

Undergraduate Research

  • SiC MOSFET in electromobile controlling
    • Advisor: Puqi Ning
    Genetic Algorithm Based SiC MOSFET On-state Resistance Modeling Method.
    Han C, Weichen Y, Xiaoguang C, Puqi N, Xuhui W.
    Journal of Power Supply, 2020, 18(04): 38-44. DOI:10.13234/j.issn.2095-2805.2020.4.38
    [paper]
  • Power supply noise analysis using autocorrelation
    • Advisor: Seth R. Sanders
    - developed better algorithms which combined autocorrelation with averaging on Simulink to analyze power supply noise and achieve high resolution (1 mV) at high frequency (30GHz).
    - Significantly reduced the cost from 500$ to 20$ and improved the performance and resolution by accumulating small steps of advancement such as the step of float-point to fixed-point optimization.

Education

2020/09 - 2023/07 : Master student in CS, Institute of Automation, Chinese Academy of Sciences.

2016/09 - 2020/07 : Bachelor in EE, University of Chinese Academy of Sciences.

2019/01 - 2019/08 : Visiting student in EECS, University of California, Berkeley.