Yixin Wu

Im Oberen Werk 1

66386 St. Ingbert (Germany)

I’m a Ph.D. student at CISPA Helmholtz Center for Information Security, where I am fortunate to be advised by Prof. Michael Backes and Dr. Yang Zhang. Prior to coming to CISPA, I received my Bachelor’s degree from Sichuan University, where I daily worked with Prof. Cheng Huang. During my undergraduate, I was also a security engineer intern at Alibaba.

My research focuses on designing and developing trustworthy AI systems, ensuring they are safe, privacy-preserving, and secure. I am also interested in the responsible use of AI, with a focus on transparency and preventing the misuse of AI-generated content. Currently, I am passionate about building generative agents for security and privacy tasks, as well as social behavior simulation.

Research Interests

Trustworthy AI
- Security:[ACL'26b],[ACL'26c]
- Privacy:[ACL'26a],[USENIX'24],[PETS'24]
- Safety:[CCS'24],[USENIX'25b]
Responsible use of AI
- Transparency in synthetic data usage:[USENIX'25a]
- Misuse of AI-generated content:[USENIX'25c][CCS'25]
- In-the-wild prompt analysis:[EMNLP'24]
Generative Agents for Security, Privacy, and Social Behavior Simulation

Honors and Awards

2025

Rising Star in EECS 2025, MIT
2025

ML and Systems Rising Star, MLCommons
2025

Abbe Grant, Carl-Zeiss-Stiftung
2025

Heidelberg Laureate Forum Young Researcher, The 12th Heidelberg Laureate Forum
2021

Outstanding Graduate Honor, Sichuan University
2019

National Scholarship, Ministry of Education of China

News

Apr 2026	Our paper titled “InferPilot: Autonomous Inference Attacks Against ML Services With LLM-Based Agents” was accepted by ACL Findings 2026.
Apr 2026	Our paper titled “Peering Behind the Shield: Guardrail Identification in Large Language Models” was accepted by ACL Findings 2026.
Apr 2026	Our paper titled “Rethinking Assessments of Prompt Injection Attacks” was accepted by ACL Findings 2026.
Sep 2025	I was selected as a Rising Star in EECS 2025!
Jul 2025	Our paper titled “UnsafeBench: Benchmarking Image Safety Classifiers on Real-World and AI-Generated Images” was accepted by ACM CCS 2025. See the website for more details!
Jun 2025	I was selected to recieve the Abbe Grant from the Carl-Zeiss-Stiftung!
May 2025	I was selected as a Heidelberg Laureate Forum Young Researcher!
Mar 2025	I was selected as a ML and Systems Rising Star!
Jan 2025	Our paper titled “Synthetic Artifact Auditing: Tracing LLM-Generated Synthetic Data Usage in Downstream Applications” was accepted by Usenix Security 2025. See the website for more details!
Jan 2025	Our paper titled “On the Proactive Generation of Unsafe Images From Text-To-Image Models Using Benign Prompts” was accepted by Usenix Security 2025!

Selected Publications

ACL Findings
InferPilot: Autonomous Inference Attacks Against ML Services With LLM-Based Agents

Yixin Wu, Rui Wen, Chi Cui, Michael Backes, and Yang Zhang

In Annual Meeting of the Association for Computational Linguistics (ACL), 2026

arXiv Bib
@inproceedings{WWCBZ26, author = {Wu, Yixin and Wen, Rui and Cui, Chi and Backes, Michael and Zhang, Yang}, title = {{InferPilot: Autonomous Inference Attacks Against ML Services With LLM-Based Agents}}, booktitle = {{Annual Meeting of the Association for Computational Linguistics (ACL)}}, publisher = {ACL}, year = {2026} }
ACL Findings
Peering Behind the Shield: Guardrail Identification in Large Language Models

Ziqing Yang, Yixin Wu, Rui Wen, Michael Backes, and Yang Zhang

In Annual Meeting of the Association for Computational Linguistics (ACL), 2026

arXiv Bib
@inproceedings{YWWBZ26, author = {Yang, Ziqing and Wu, Yixin and Wen, Rui and Backes, Michael and Zhang, Yang}, title = {{Peering Behind the Shield: Guardrail Identification in Large Language Models}}, booktitle = {{Annual Meeting of the Association for Computational Linguistics (ACL)}}, publisher = {ACL}, year = {2026} }
ACL Findings
Rethinking Assessments of Prompt Injection Attacks

Chi Cui, Yixin Wu, Michael Backes, and Yang Zhang

In Annual Meeting of the Association for Computational Linguistics (ACL), 2026

Bib
@inproceedings{CWBZ26, author = {Cui, Chi and Wu, Yixin and Backes, Michael and Zhang, Yang}, title = {{Rethinking Assessments of Prompt Injection Attacks}}, booktitle = {{Annual Meeting of the Association for Computational Linguistics (ACL)}}, publisher = {ACL}, year = {2026} }
Usenix Security
Synthetic Artifact Auditing: Tracing LLM-Generated Synthetic Data Usage in Downstream Applications

Yixin Wu, Ziqing Yang, Yun Shen, Michael Backes, and Yang Zhang

In USENIX Security Symposium (USENIX Security), 2025

arXiv Bib Code Website
@inproceedings{WYSBZ25, author = {Wu, Yixin and Yang, Ziqing and Shen, Yun and Backes, Michael and Zhang, Yang}, title = {{Synthetic Artifact Auditing: Tracing LLM-Generated Synthetic Data Usage in Downstream Applications}}, booktitle = {{USENIX Security Symposium (USENIX Security)}}, publisher = {USENIX}, year = {2025} }
Usenix Security
On the Proactive Generation of Unsafe Images From Text-To-Image Models Using Benign Prompts

Yixin Wu, Ning Yu, Michael Backes, Yun Shen, and Yang Zhang

In USENIX Security Symposium (USENIX Security), 2025

arXiv Bib Code
@inproceedings{WYBSZ25, author = {Wu, Yixin and Yu, Ning and Backes, Michael and Shen, Yun and Zhang, Yang}, title = {{On the Proactive Generation of Unsafe Images From Text-To-Image Models Using Benign Prompts}}, booktitle = {{USENIX Security Symposium (USENIX Security)}}, publisher = {USENIX}, year = {2025} }
Usenix Security
HateBench: Benchmarking Hate Speech Detectors on LLM-Generated Content and Hate Campaigns

Xinyue Shen, Yixin Wu, Yiting Qu, Michael Backes, Savvas Zannettou, and Yang Zhang

In USENIX Security Symposium (USENIX Security), 2025

arXiv Bib Code Website
@inproceedings{SWQBZZ25, author = {Shen, Xinyue and Wu, Yixin and Qu, Yiting and Backes, Michael and Zannettou, Savvas and Zhang, Yang}, title = {{HateBench: Benchmarking Hate Speech Detectors on LLM-Generated Content and Hate Campaigns}}, booktitle = {{USENIX Security Symposium (USENIX Security)}}, publisher = {USENIX}, year = {2025} }
Usenix Security
Quantifying Privacy Risks of Prompts in Visual Prompt Learning

Yixin Wu, Rui Wen, Michael Backes, Pascal Berrang, Mathias Humbert, Yun Shen, and Yang Zhang

In USENIX Security Symposium (USENIX Security), 2024

Bib PDF Video Code Slides Website
@inproceedings{WWBBHSZ24, author = {Wu, Yixin and Wen, Rui and Backes, Michael and Berrang, Pascal and Humbert, Mathias and Shen, Yun and Zhang, Yang}, title = {{Quantifying Privacy Risks of Prompts in Visual Prompt Learning}}, booktitle = {{USENIX Security Symposium (USENIX Security)}}, publisher = {USENIX}, year = {2024} }
CCS
Image-Perfect Imperfections: Safety, Bias, and Authenticity in the Shadow of Text-To-Image Model Evolution

Yixin Wu, Yun Shen, Michael Backes, and Yang Zhang

In ACM Conference on Computer and Communications Security (CCS), 2024

Bib PDF Slides Website
@inproceedings{WSBZ24, author = {Wu, Yixin and Shen, Yun and Backes, Michael and Zhang, Yang}, title = {Image-Perfect Imperfections: Safety, Bias, and Authenticity in the Shadow of Text-To-Image Model Evolution}, booktitle = {{ACM Conference on Computer and Communications Security (CCS)}}, publisher = {ACM}, year = {2024} }
PETS
Link Stealing Attacks Against Inductive Graph Neural Networks

Yixin Wu, Xinlei He, Pascal Berrang, Mathias Humbert, Michael Backes, Neil Zhenqiang Gong, and Yang Zhang

In Privacy Enhancing Technologies Symposium (PETS), 2024

Bib PDF Code Slides Website
@inproceedings{WHBHBGZ24, author = {Wu, Yixin and He, Xinlei and Berrang, Pascal and Humbert, Mathias and Backes, Michael and Gong, Neil Zhenqiang and Zhang, Yang}, title = {{Link Stealing Attacks Against Inductive Graph Neural Networks}}, booktitle = {{Privacy Enhancing Technologies Symposium (PETS)}}, publisher = {PETS}, year = {2024} }
EMNLP
The Death and Life of Great Prompts: Analyzing the Evolution of LLM Prompts from the Structural Perspective

Yihan Ma, Xinyue Shen, Yixin Wu, Boyang Zhang, Michael Backes, and Yang Zhang

In Empirical Methods in Natural Language Processing (EMNLP), 2024

Bib PDF Website
@inproceedings{MSWZBZ24, author = {Ma, Yihan and Shen, Xinyue and Wu, Yixin and Zhang, Boyang and Backes, Michael and Zhang, Yang}, title = {{The Death and Life of Great Prompts: Analyzing the Evolution of LLM Prompts from the Structural Perspective}}, booktitle = {{Empirical Methods in Natural Language Processing (EMNLP)}}, publisher = {EMNLP}, year = {2024} }