Simeng Qin

Classical Chinese, with its conciseness and obscurity, unlocks a surprisingly effective attack vector against LLM safety filters, and can be automatically exploited via bio-inspired optimization.

Coding agents are vulnerable to a new class of stealthy, automated prompt injection attacks via poisoned skills, achieving high success rates even in realistic software engineering tasks.