Xiang Zheng

VLA models can ace the task but still trigger unsafe outcomes, exposing a critical gap between action execution and semantic understanding.

LLM judges of disinformation risk are internally consistent, but consistently misaligned with actual human readers, raising serious questions about their validity as evaluation proxies.

Prompt leakage attacks on multi-tenant LLMs are far more efficient than previously thought: a new RL-based method reconstructs prompts with over 12x fewer requests.