Papers by Xiaojun Jia
Reference Matters: Benchmarking Factual Error Correction for Dialogue Summarization with Fine-grained Evaluation Framework (2023.acl-long)
Copied to clipboard
| Challenge: | Current evaluations of FEC models that depend on factuality metrics are not reliable and detailed enough. |
| Approach: | They propose a fine-grained evaluation framework that automatically evaluates FEC models on different error categories. |
| Outcome: | The proposed evaluation framework compares models on different error categories and finds the best training modes and significant differences in the performance of existing models. |
LLM Jailbreak Detection for (Almost) Free! (2025.findings-emnlp)
Copied to clipboard
| Challenge: | Existing methods for detecting jailbreak prompts entail significant computational costs . |
| Approach: | They propose a free jailbreak detection method which scales logits by temperature to detect jailbreak prompts . |
| Outcome: | The proposed method detects jailbreak prompts with no additional computational costs. |
PBI-Attack: Prior-Guided Bimodal Interactive Black-Box Jailbreak Attack for Toxicity Maximization (2025.emnlp-main)
Copied to clipboard
Ruoxi Cheng, Yizhong Ding, Shuirong Cao, Ranjie Duan, Xiaoshuang Jia, Shaowei Yuan, Simeng Qin, Zhiqiang Wang, Xiaojun Jia
| Challenge: | Existing methods to jailbreak Large Vision Language Models do not consider interaction between images and text. |
| Approach: | They propose a prior-guided bimodal interactive black-box jailbreak attack for toxicity maximization that exploits the interaction of images and text. |
| Outcome: | The proposed method outperforms state-of-the-art jailbreak methods in black box scenarios and in closed-source LVLMs. |
Exploring and Evaluating Multimodal Knowledge Reasoning Consistency of Multimodal Large Language Models (2025.findings-emnlp)
Copied to clipboard
| Challenge: | MLLMs have achieved significant breakthroughs in understanding across text and vision, but current models still face inconsistencies in reasoning outcomes. |
| Approach: | They propose to evaluate multimodal large language models using a multimodal knowledge reasoning dataset to examine the extent of consistency degradation. |
| Outcome: | The proposed evaluation tasks show that MLLMs are inefficient at integrating knowledge across modalities . |
Towards Identification and Intervention of Safety-Critical Parameters in Large Language Models (2026.findings-acl)
Copied to clipboard
| Challenge: | Existing safety-related methodologies for large language models are lacking . despite advances in safety alignment techniques, safeguarding LLMs during adaptation to various tasks remains a challenge. |
| Approach: | They propose a framework to quantify how different parameters affect LLM safety . they propose two targeted intervention paradigms for safety enhancement and preservation . |
| Outcome: | The proposed framework reveals safety-critical patterns across different LLM architectures. |
One Shot Dominance: Knowledge Poisoning Attack on Retrieval-Augmented Generation Systems (2025.findings-emnlp)
Copied to clipboard
Zhiyuan Chang, Mingyang Li, Xiaojun Jia, Junjie Wang, Yuekai Huang, Ziyou Jiang, Yang Liu, Qing Wang
| Challenge: | Existing knowledge poisoning attacks against RAG systems require multiple poisoned documents or can only function effectively on simplistic queries. |
| Approach: | They propose a more realistic knowledge poisoning attack that poisons only a single document while remaining effective for complex multi-hop questions involving complex relationships between multiple elements. |
| Outcome: | The proposed attack achieves success by poisoning only a single document while remaining effective for complex multi-hop questions involving complex relationships between multiple elements. |
GAMBIT: A Gamified Jailbreak Framework for Multimodal Large Language Models (2026.acl-long)
Copied to clipboard
| Challenge: | Existing attacks focus on increasing the complexity of the modified visual task and do not explicitly leverage the model’s own reasoning incentives. |
| Approach: | They propose a framework that decomposes and reassembles harmful visual semantics and constructs a gamified scene that drives the model to explore, reconstruct intent and answer as part of winning the game. |
| Outcome: | Experiments on reasoning and non-reasoning MLLMs show that the proposed framework outperforms baseline models on both vision and text. |
Know Thy Enemy: Securing LLMs Against Prompt Injection via Diverse Data Synthesis and Instruction-Level Chain-of-Thought Learning (2026.findings-acl)
Copied to clipboard
Zhiyuan Chang, Mingyang Li, Yuekai Huang, Ziyou Jiang, Xiaojun Jia, Qian Xiong, Junjie Wang, Zhaoyang Li, Qing Wang
| Challenge: | Large language model (LLM)-integrated applications face security vulnerabilities from prompt injection (PI) attacks. |
| Approach: | They propose a model enhancement method that synthesizes diverse training data and employs instruction-level chain-of-thought fine-tuning to enable LLMs to effectively identify and reject malicious instructions regardless of their source or position in the context. |
| Outcome: | The proposed method outperforms baselines in three critical dimensions while maintaining utility performance without degradation. |
Golden Touchstone: A Comprehensive Bilingual Benchmark for Evaluating Financial Large Language Models (2025.findings-emnlp)
Copied to clipboard
Xiaojun Wu, Junxi Liu, Huan-Yi Su, Zhouchi Lin, Yiyan Qi, Chengjin Xu, Jiajun Su, Jiajie Zhong, Fuwei Wang, Saizhuo Wang, Fengrui Hua, Jia Li, Jian Guo
| Challenge: | Existing financial benchmarks suffer from limited language and task coverage, low-quality datasets, and inadequate adaptability for LLM evaluation. |
| Approach: | They propose a bilingual benchmark for financial LLMs that assesses models’ language understanding and generation capabilities. |
| Outcome: | The proposed bilingual benchmark assesses models’ language understanding and generation capabilities. |
Efficient Universal Goal Hijacking with Semantics-guided Prompt Organization (2025.acl-long)
Copied to clipboard
| Challenge: | Existing methods for prompt injection have focused on optimizing the suffix, overlooking the role of the prompt. |
| Approach: | They propose a method that incorporates an efficient optimization algorithm and two semantics-guided prompt organization strategies to optimize the suffix sequence for universal goal hijacking. |
| Outcome: | The proposed method can generate a fixed suffix that can concatenate to arbitrary user prompts for universal goal hijacking. |
Crabs: Consuming Resource via Auto-generation for LLM-DoS Attack under Black-box Settings (2025.findings-acl)
Copied to clipboard
| Challenge: | Existing studies on white-box attacks focus on black-box LLMs, leaving black- box scenarios underexplored. |
| Approach: | They propose an automated algorithm designed for black-box LLMs that constructs the DoS Attack Tree and expands the node coverage to achieve effectiveness under black- box conditions. |
| Outcome: | The proposed algorithm can be used to build a DoS Attack Tree and expand the node coverage to achieve effectiveness under black-box conditions. |