University of New South Wales
Mobile GUI agents are surprisingly susceptible to prompt injection via realistic, attacker-controlled text embedded within ordinary user-generated content, even without modifying the agent, application, or OS.
VideoLLMs leak training data: a novel black-box attack recovers membership with surprisingly high accuracy (AUC=0.68) by probing generation brittleness across temperatures.
LLM API calls are breaking your program analysis tools, but this new taxonomy of information flow across the NL/PL boundary offers a way to fix them.
LLM-powered pentesting agents fail not because of model limitations, but because they can't estimate task difficulty, leading to wasted effort and premature context exhaustion.