Hello! This is Ziqing Yang, a third-year PhD student at CISPA Helmholtz Center for Information Security, co-advised by Prof. Michael Backes and Dr. Yang Zhang. Before that, I obtained my Bachelor’s degree from Peking University, advised by Prof. Ming Zhang. Further, I was a research intern at UCLA under the supervision of Prof. Yizhou Sun, where I focused on the logical rules and knowledge graphs.

Research Interest

• Trustworthy machine learning (safety, privacy, and security)
• Generative models
• Graph analysis

What’s New

[May 2025] Our paper titled Comprehensive Assessment of Jailbreak Attacks Against LLMs was accepted by ACL 2025!

[May 2025] I became a reviewer of IEEE Transactions on Dependable and Secure Computing (TDSC)!

[May 2025] I became a reviewer of NeurIPS 2025!

[March 2025] I became a reviewer of ICCV 2025!

[February 2025] I became a reviewer of ACL Rolling Review!

[January 2025] Our paper titled Synthetic Artifact Auditing: Tracing LLM-Generated Synthetic Data Usage in Downstream Applications was accepted by USENIX Security 2025!

[January 2025] I became a reviewer of KDD 2025!

[December 2024] I became a reviewer of ICLR FPI Workshop 2025!

[November 2024] I joined the Artifact Evaluation Committee of USENIX Security 2025!

[September 2023] Our paper named SecurityNet: Assessing Machine Learning Vulnerabilities on Public Models was accepted by USENIX Security 2024!

Publications

(*: Equal Contribution)

2025

• Comprehensive Assessment of Jailbreak Attacks Against LLMs.
  Junjie Chu, Yugeng Liu, Ziqing Yang, Xinyue Shen, Michael Backes, Yang Zhang. In Proceedings of the 63rd Annual Meeting of the Association for Computational Linguistics (ACL 2025), 2025.
  paper

• Synthetic Artifact Auditing: Tracing LLM-Generated Synthetic Data Usage in Downstream Applications.
  Yixin Wu, Ziqing Yang, Yun Shen, Michael Backes, Yang Zhang. In Proceedings of the 34th USENIX Security Symposium (USENIX Security 25), 2025.
  paper code website

• The Challenge of Identifying the Origin of Black-Box Large Language Models.
  Ziqing Yang, Yixin Wu, Yun Shen, Wei Dai, Michael Backes, Yang Zhang. arXiv preprint arXiv:2503.04332, 2025.
  paper

• Peering Behind the Shield: Guardrail Identification in Large Language Models.
  Ziqing Yang, Yixin Wu, Rui Wen, Michael Backes, Yang Zhang. arXiv preprint arXiv:2502.01241, 2025.
  paper

2024

• SOS! Soft Prompt Attack Against Open-Source Large Language Models.
  Ziqing Yang, Michael Backes, Yang Zhang, Ahmed Salem. arXiv preprint arXiv:2407.03160, 2024.
  paper

• SecurityNet: Assessing Machine Learning Vulnerabilities on Public Models.
  Boyang Zhang, Zheng Li, Ziqing Yang, Xinlei He, Michael Backes, Mario Fritz, Yang Zhang. In Proceedings of the 33rd USENIX Security Symposium (USENIX Security 24), 2024.
  paper code

2023

• Data Poisoning Attacks Against Multimodal Encoders.
  Ziqing Yang, Xinlei He, Zheng Li, Michael Backes, Mathias Humbert, Pascal Berrang, and Yang Zhang. In Proceedings of the 2023 International Conference on Machine Learning (ICML 2023), 2023.
  paper code

• From Visual Prompt Learning to Zero-Shot Transfer: Mapping Is All You Need.
  Ziqing Yang*, Zheyang Sha*, Michael Backes, Yang Zhang. arXiv preprint arXiv:2303.05266, 2023.
  paper

Before 2021

• UniKER: A Unified Framework for Combining Embedding and Definite Horn Rule Reasoning for Knowledge Graph Inference.
  Kewei Cheng, Ziqing Yang, Ming Zhang, and Yizhou Sun. In Proceedings of the 2021 Conference on Empirical Methods in Natural Language Processing (EMNLP 2021), 2021.
  paper

• UniKER: A Unified Framework for Combining Embedding and Horn Rules for Knowledge Graph Inference.
  Kewei Cheng, Ziqing Yang, Ming Zhang, and Yizhou Sun. In Proceedings of the Graph Representation Learning and Beyond Workshop (ICML GRL+ 2020), 2020.
  paper

• Explainable knowledge graph-based recommendation via deep reinforcement learning[J].
  Weiping Song, Zhijian Duan, Ziqing Yang, Hao Zhu, Ming Zhang, and Jian Tang. arXiv preprint arXiv:1906.09506, 2019.
  paper

Teaching Assistant

Summer term 2025

• Data-driven Understanding of the Disinformation Epidemic (Graduate, Saarland University)

Winter term 2024/2025

• Privacy of Machine Learning (Graduate, Saarland University)

Summer term 2024

• Data-driven Understanding of the Disinformation Epidemic (Graduate, Saarland University)
• Attacks Against Machine Learning Models (Graduate, Saarland University)

Winter term 2023/2024

• Privacy of Machine Learning (Graduate, Saarland University)

Sevices

• Program Commitee Member: NeurIPS CaLM 2024, NeurIPS AFME 2024, AAAI 2025, AAAI 2024, AAAI 2023
• Artifact Evaluation Commitee Member: USENIX Security 2025
• Invited Reviewer: TDSC, NeurIPS 2025, ICCV 2025, ARR, KDD 2025, ICLR FPI Workshop 2025, NeurIPS UniReps Workshop 2024, NeurIPS WiML Workshop 2024, TOPS, TKDD, ICML SPIGM Workshop 2024, NLPCC 2023, CSAE 2022, NLPCC 2022
• Secondary Reviewer: ICICS 2023