Publication List
For a complete and up-to-date list, please visit my Google Scholar profile.
2026
- [ICML'26] Isabella Duan, Xudong Pan, Yawen Duan, Adam Gleave, Ranjie Duan, Jianfeng Cao, Wenqi Chen, Yinpeng Dong, Jiarun Dai, Jie Fu, Xudong Guo, Tianxing He, Geng Hong, Naying Hu, Xiaojian Li, Dongrui Liu, Chaochao Lu, Sören Mindermann, Peng Xu, Yang Zhang, Chen Zheng, Brian Tse, Min Yang, Xia Hu. Position: Preparing for AI Systems That Deceive Developers. ICML, 2026. (Accepted)
- [ICML'26] Yichen Wu, Qianqian Gao, Xudong Pan (Corresponding), Geng Hong, Min Yang. OpenDeception: Learning Deception and Trust in Human–AI Interaction via Multi-Agent Simulation. ICML, 2026. (Accepted)
- [ICML'26] Changyue Jiang, Wenqi Zhang, Xudong Pan (Corresponding), Geng Hong, Min Yang. Think Twice Before You Act: Enhancing Agent Behavioral Safety with Thought Correction. ICML, 2026. (Accepted)
- [ICML'26] Changyi Li, Peng Lu, Xudong Pan (Corresponding), Fazl Barez, Min Yang. AutoControl Arena: Synthesizing Executable Test Environments for Frontier AI Risk Evaluation. ICML, 2026. (Accepted)
- [CCS'26] Wenqi Zhang, Yulin Shen, Changyue Jiang, Jiarun Dai, Geng Hong, Xudong Pan (Corresponding). MirrorGuard: Toward Secure Computer-Use Agents via Simulation-to-Real Reasoning Correction. ACM CCS, 2026. (Accepted)
- [USENIX Security'26] Jiaqi Luo, Jiarun Dai, Fengyu Liu, Songyang Peng, Youkun Shi, Tong Bu, Geng Hong, Xudong Pan, Yuan Zhang. Autonomy Comes with Costs: Detecting Denial-of-Service Vulnerabilities Caused by Resource Abusing in LLM-based Agents. The 35th USENIX Security Symposium, 2026.
- [WWW'26] Yang Feng, Xudong Pan (Corresponding). Struphantom: Evolutionary Injection Attacks on Black-box Tabular Agents Powered by Large Language Models. ACM WWW, 2026.
- [ICLR'26] Xinyi Wu, Geng Hong, Pei Chen, Yueyue Chen, Xudong Pan, Min Yang. PRISON: Unmasking the Criminal Potential of Large Language Models. ICLR, 2026.
- [Preprint] Jinghan Yang, Yihe Fan, Xudong Pan, Min Yang. FlowGuard: Towards Lightweight In-Generation Safety Detection for Diffusion Models via Linear Latent Decoding.
2025
- [WWW'25] Wuyuao Mai, Geng Hong, Peichen Chen, Xudong Pan, Bo Liu, Yuzhuo Zhang, Hongwei Duan, Min Yang. You Can’t Eat Your Cake and Have It Too: The Performance Degradation of LLMs with Jailbreak Defense. Proceedings of the ACM on Web Conference 2025, P872–883.
- [Preprint] Xudong Pan, Jiarun Dai, Yihe Fan, Min Yang. Frontier AI Systems Have Surpassed the Self-Replicating Red Line. arXiv.
- [Preprint] Changyue Jiang, Xudong Pan, Geng Hong, Chenfu Bao, Min Yang. RAG-Thief: Scalable Extraction of Private Data from Retrieval-Augmented Generation Applications with Agent-based Attacks.
- [Preprint] Yihe Fan, Wenqi Zhang, Xudong Pan, Min Yang. Evaluation Faking: Unveiling Observer Effects in Safety Evaluation of Frontier AI Systems. arXiv.
2024
- [TPAMI] Xudong Pan, Mi Zhang, Yifan Yan, Shengyao Zhang, Min Yang. Matryoshka: Exploiting the Over-Parametrization of Deep Learning Models for Covert Data Transmission. IEEE TPAMI, 2024. (IF=24.314)
- [S&P'24] Huming Qiu, Junjie Sun, Mi Zhang, Xudong Pan, Min Yang. BELT: Old-School Backdoor Attacks Can Evade the State-of-the-Art Defense with Backdoor Exclusivity Lifting. 2024 IEEE Symposium on Security and Privacy (S&P).
- [TDSC'24] Chenghui Shi, Shouling Ji, Xudong Pan, Xuhong Zhang, Mi Zhang, Min Yang, Jun Zhou, Jianwei Yin, Ting Wang. Towards Practical Backdoor Attacks on Federated Learning Systems. IEEE TDSC, 2024.
- [CCS'24] Yifan Lu, Wenxuan Li, Mi Zhang, Xudong Pan, Min Yang. Neural Dehydration: Effective Erasure of Black-box Watermarks from DNNs with Limited Data. 31st ACM CCS, 2024.
2023
- [KDD'23] Xudong Pan, Mi Zhang, Yifan Yan, Yining Wang, Min Yang. Cracking White-box DNN Watermarks via Invariant Neuron Transforms. 29th SIGKDD, P1783–1794, 2023.
- [USENIX Security'23] Yifan Yan (*), Xudong Pan (*), Mi Zhang, Min Yang. Rethinking White-Box Watermarks on Deep Learning Models under Neural Structural Obfuscation. 32nd USENIX Security, P2347–2364, 2023. (*equal contribution)
- [USENIX Security'23] Qifan Xiao (*), Xudong Pan (*), Yifan Lu, Mi Zhang, Min Yang. Exorcising “Wraith”: Protecting LiDAR-based Object Detector in Automated Driving System from Appearing Attacks. 32nd USENIX Security, P2939–2956, 2023. (*equal contribution)
- [ACL'23] Shengyao Zhang, Xudong Pan, Mi Zhang, Min Yang. SlowBERT: Slow-down Attacks on Input-adaptive Multi-exit BERT. Findings of ACL, P9992–10007, 2023.
- [ICASSP'23] Xudong Pan, Mi Zhang, Duocai Wu. RØROS: Building a Responsive Online Recommender System via Meta-Gradients Updating. 2023 IEEE ICASSP.
- [WWW'23] Xiaoyu You, Beina Sheng, Daizong Ding, Mi Zhang, Xudong Pan, Min Yang, Fuli Feng. MaSS: Model-agnostic, Semantic and Stealthy Data Poisoning Attack on Knowledge Graph Embedding. 2023 Web Conference (WWW), P2000–2010.
- [WWW'23] Xiaoyu You, Chi Lee, Daizong Ding, Mi Zhang, Fuli Feng, Xudong Pan, Min Yang. Anti-FakeU: Defending Shilling Attacks on Graph Neural Network based Recommender Model. 2023 Web Conference (WWW), P938–948.
2022
- [NeurIPS'22] Xudong Pan, Shengyao Zhang, Mi Zhang, Yifan Yan, Min Yang. House of Cans: Covert Transmission of Internal Datasets via Capacity-Aware Neuron Steganography. 36th NeurIPS, 2022.
- [KDD'22] Xudong Pan, Yifan Yan, Mi Zhang, Min Yang. MetaV: A Meta-Verifier Approach to Task-Agnostic Model Fingerprinting. 28th SIGKDD, P1327–1336, 2022.
- [USENIX Security'22] Xudong Pan, Mi Zhang, Beina Sheng, Jiaming Zhu, Min Yang. Hidden Trigger Backdoor Attack on NLP Models via Linguistic Style Manipulation. 31st USENIX Security, P3611–3628, 2022.
- [USENIX Security'22] Xudong Pan, Mi Zhang, Yifan Yan, Jiaming Zhu, Min Yang. Exploring the Security Boundary of Data Reconstruction via Neuron Exclusivity Analysis. 31st USENIX Security, P3989–4006, 2022.
- [ICDE'22] Daizong Ding, Mi Zhang, Yuanmin Huang, Xudong Pan, Fuli Feng, Erling Jiang, Min Yang. Towards Backdoor Attack on Deep Learning based Time Series Classification. 38th IEEE ICDE, P1274–1287, 2022.
2021
- [ACSAC'21] Xudong Pan, Mi Zhang, Yifan Yan, Min Yang. Understanding the Threats of Trojaned Quantized Neural Network in Model Supply Chains. 38th ACSAC, P634–645, 2021.
- [CIKM'21] Daizong Ding, Mi Zhang, Hanrui Wang, Xudong Pan, Min Yang, Xiangnan He. A Deep Learning Framework for Self-evolving Hierarchical Community Detection. 30th ACM CIKM, P372–381, 2021.
- [ESORICS'21] Xudong Pan, Mi Zhang, Yifan Lu, Min Yang. TAFA: A Task-Agnostic Fingerprinting Algorithm for Neural Networks. 26th ESORICS, P542–562, 2021.
- [TKDE] Mi Zhang, Daizong Ding, Xudong Pan, Min Yang. Enhancing Time Series Predictors with Generalized Extreme Value Loss. IEEE TKDE, 2021. (IF=9.24)
2020
- [ICDM'20] Daizong Ding, Mi Zhang, Xudong Pan, Min Yang, Xiangnan He. Modeling Personalized Out-of-Town Distances in Location Recommendation. 20th IEEE ICDM, P112–121, 2020.
- [USENIX Security'20] Xudong Pan, Mi Zhang, Duocai Wu, Qifan Xiao, Min Yang. Justinian’s GAAvernor: Robust Distributed Learning with Gradient Aggregation Agent. 29th USENIX Security, P1641–1658, 2020.
- [S&P'20] Xudong Pan, Mi Zhang, Shouling Ji, Min Yang. Privacy Risks of General-Purpose Language Models. 2020 IEEE S&P, P1471–1488, 2020. (Youth Outstanding Paper Nomination, WAIC)
- [AAAI'20] Daizong Ding, Mi Zhang, Xudong Pan, Min Yang, Xiangnan He. Improving the Robustness of Wasserstein Embedding by Adversarial PAC-Bayesian Learning. 34th AAAI, P3791–3800, 2020.
- [TPAMI] Xudong Pan, Mi Zhang, Daizong Ding, Min Yang. A Geometrical Perspective on Image Style Transfer with Adversarial Learning. IEEE TPAMI, 44(1), P63–75, 2020.
2018–2019
- [KDD'19] Daizong Ding, Mi Zhang, Xudong Pan, Min Yang, Xiangnan He. Modeling Extreme Events in Time Series Prediction. 25th SIGKDD, P1114–1122, 2019.
- [ICML'18] Xudong Pan, Mi Zhang, Min Yang. Theoretical Analysis of Image-to-Image Translation with Adversarial Learning. 35th ICML, P4006–4015, 2018.
- [WWW'18] Daizong Ding, Mi Zhang, Xudong Pan, Pearl Pu. Geographical Feature Extraction for Entities in Location-based Social Networks. 2018 WWW, P833–842, 2018.