Haojin Zhu

Pinpoint the source of FedLM leaks with near-perfect accuracy using a black-box watermarking scheme that survives fine-tuning, pruning, and quantization.

VLM-based GUI agents are vulnerable to "SlowBA," a backdoor attack that stealthily inflates response times without affecting task accuracy, revealing a new dimension of security risk beyond action correctness.