Papers by Charles Fleming
Retracing the Past: LLMs Emit Training Data When They Get Lost (2025.emnlp-main)
Copied to clipboard
| Challenge: | Existing methods for extracting training data from large language models exhibit limited success . existing methods offer limited insight into the fundamental drivers of memorization leakage . |
| Approach: | They propose a framework for extracting memorized data by maximizing model uncertainty . they propose mismatched fine-tuning to weaken alignment and induce confusion . |
| Outcome: | The proposed attacks outperform baselines on unaligned and aligned LLMs . the proposed attacks exploit the model uncertainty of the input snippets induced by the model entropy spike . |
AssistedDS: Benchmarking How External Domain Knowledge Assists LLMs in Automated Data Science (2025.findings-emnlp)
Copied to clipboard
An Luo, Xun Xian, Jin Du, Fangqiao Tian, Ganghua Wang, Ming Zhong, Shengchun Zhao, Xuan Bi, Zirui Liu, Jiawei Zhou, Jayanth Srinivasa, Ashish Kundu, Charles Fleming, Mingyi Hong, Jie Ding
| Challenge: | Large language models (LLMs) have advanced the automation of data science workflows, yet it remains unclear whether they can critically leverage external domain knowledge as human data scientists do in practice. |
| Approach: | They propose a benchmark to evaluate how large language models handle external domain knowledge in tabular prediction tasks. |
| Outcome: | The proposed model evaluates whether it can critically leverage external domain knowledge as human data scientists do in practice. |
Agents Under Siege: Breaking Pragmatic Multi-Agent LLM Systems with Optimized Prompt Attacks (2025.acl-long)
Copied to clipboard
| Challenge: | Multi-agent LLMs are prone to adversarial attacks because of constraints such as limited token bandwidth and latency between message delivery. |
| Approach: | They propose a permutation-invariant adversarial attack that optimizes prompt distribution across latency and bandwidth constraints to bypass distributed safety mechanisms within the system. |
| Outcome: | The proposed method outperforms conventional attacks by up to 7 on multiple models. |
The Adaptive Interrogator: Detecting Trojan LLMs in Multi-Agent Systems via Evolved Conversational Strategies (2026.findings-acl)
Copied to clipboard
| Challenge: | Large Language Models (LLMs) have been focused on single-agent, white-box environments, but multi-agend systems (MAS) have a critical blind spot: supply chain vulnerabilities. |
| Approach: | They propose a black-box auditing framework that leverages an Evolutionary Algorithm to autonomously expose hidden threats. |
| Outcome: | The proposed framework achieves superior detection rates (up to 100% in specific configurations) and robustness across diverse architectures. |