Xiao Zhang

Tenure-Track Faculty

CISPA Helmholtz Center for Information Security

Bio: I am a faculty member at CISPA Helmholtz Center for Information Security, where I lead the AIR-ML Lab. Prior to this, I earned my PhD in Computer Science at the University of Virginia, where I was advised by Prof. David Evans. I also hold an MS degree in Statistics from the University of Virginia and a BS degree in Mathematics and Applied Mathematics from Tsinghua University. I am a member of the European Laboratory for Learning and Intelligent Systems, affiliated with ELLIS Unit Saarbrücken.

Research Interest: My research spans a broad range of topics in machine learning (ML), with a primary focus on trustworthy AI, encompassing robustness, safety, privacy, bias, and interpretability. I’m also interested in deep learning theory, generative modeling, and optimization. Ultimately, my goal is to develop principled adversarial ML approaches to tackle the fundamental challenges in building reliable and trustworthy AI systems.

I am always looking for self-motivated students interested in machine learning research, including PhD students, HiWis, intern and visiting students. An up-to-date list of my publications is available on Google Scholar. Please visit our lab website for more information about our current research directions and available positions.

Featured Publications

Advik Raj Basani, Xiao Zhang

September 2025 NeurIPS 2025

GASP: Efficient Black-Box Generation of Adversarial Suffixes for Jailbreaking LLMs

We introduce Generative Adversarial Suffix Prompter (GASP), a novel framework that combines human-readable prompt generation with Latent Bayesian Optimization (LBO) to improve adversarial suffix creation in a fully black-box setting.

Wenshu Fan, Minxing Zhang, Hongwei Li, Wenbo Jiang, Hanxiao Chen, Xiangyu Yue, Michael Backes, Xiao Zhang

January 2025 CCS 2025 (Distinguished Paper Award)

DivTrackee versus DynTracker: Promoting Diversity in Anti-Facial Recognition against Dynamic FR Strategy

We highlight the importance of using dynamic FR strategies to evaluate AFR methods, and propose DivTrackee as a promising countermeasure.

Anshuman Suri, Xiao Zhang, David Evans

November 2024 TMLR 2024

Do Parameters Reveal More than Loss for Membership Inference?

We show how prior claims about black-box access sufficing for optimal membership inference do not hold for most useful settings such as SGD, and validate our findings with a new white-box inference attack.

Fnu Suya, Xiao Zhang, Yuan Tian, David Evans

November 2023 NeurIPS 2023

What Distributions are Robust to Indiscriminate Poisoning Attacks for Linear Learners?

Understand the inherent vulnerabilities to indiscriminate data poisoning attacks for linear learners by studying the optimal poisoning strategy from the perspective of data distribution.

Xiao Zhang, David Evans

May 2022 ICLR 2022

Understanding Intrinsic Robustness using Label Uncertainty

Built upon a novel definition of label uncertainty, we develop an empirical method to estimate a more realistic intrinsic robustness limit for image classification tasks.

Publications

Quickly discover relevant content by filtering publications.

Subrat Kishore Dutta, Yuelin Xu, Piyush Pant, Xiao Zhang (2025). GREAT: Generalizable Backdoor Attacks in RLHF via Emotion-Aware Trigger Synthesis. ArXiv.

PDF Cite ArXiv

Santanu Rathod, Francesco Ceccarelli, Sean B. Holden, Pietro Liò, Xiao Zhang, Jovan Tanevski (2025). ContextFlow: Context-Aware Flow Matching For Trajectory Inference From Spatial Omics Data. ArXiv.

PDF Cite Code ArXiv

Advik Raj Basani, Xiao Zhang (2025). GASP: Efficient Black-Box Generation of Adversarial Suffixes for Jailbreaking LLMs. NeurIPS 2025.

PDF Cite Code ArXiv OpenReview

Youngjin Kwon, Xiao Zhang (2025). Controllable Adversarial Makeup for Privacy via Text-Guided Diffusion. ArXiv.

PDF Cite Code ArXiv

Zhizhen Chen, Zhengyu Zhao, Subrat Kishore Dutta, Chenhao Lin, Chao Shen, Xiao Zhang (2025). Generalizable Targeted Data Poisoning against Varying Physical Objects. ArXiv.

PDF Cite Code ArXiv

Devansh Srivastav, Xiao Zhang (2025). Safe in Isolation, Dangerous Together: Agent-Driven Multi-Turn Decomposition Jailbreaks on LLMs. ACL 2025 REALM Workshop (Oral).

PDF Cite Source Document

See all publications

Contact

xiao.zhang@cispa.de
+49 681 87083 2342
Im oberen Werk 1, St. Ingbert, Saarland 66386
My office is Room 0.28 at CISPA D2 building