Papers by Ziyou Jiang

8 papers
Butterfly Effects in Toolchains: A Comprehensive Analysis of Failed Parameter Filling in LLM Tool-Agent Systems (2025.findings-emnlp)

Copied to clipboard

Challenge: emergence of tool agent paradigm has broadened capability boundaries of the Large Language Model (LLM) but effectiveness of tool agents limited due to parameter failure during execution .
Approach: They propose a parameter failure taxonomy to investigate parameter failure . they propose suggestions for standardizing tool return formats and improving error feedback mechanisms .
Outcome: The proposed model is based on a tool agent invocation chain and a mainstream tool agent . it shows that parameter name hallucination failure stems from inherent limitations .
Generative Text-to-Image Retrieval via Hierarchical Identifiers and Semantic Internalization (2026.findings-acl)

Copied to clipboard

Challenge: Existing text-to-image retrieval methods suffer from limited semantic discriminability, alignment bias, and closed-set restrictions.
Approach: They propose a framework for semantic internalization for Generative Multimodal Alignment . they construct multi-granularity hierarchical identifiers to ensure unique, semantically consistent image representations .
Outcome: The proposed framework outperforms state-of-the-art frameworks on Flickr30K and MS-COCO datasets . it achieves average Recall@1, Recall @5, and Recall_10 improvements of 10.65%, 8.50%, and 7.00% .
Mimicking the Familiar: Dynamic Command Generation for Information Theft Attacks in LLM Tool-Learning System (2025.acl-long)

Copied to clipboard

Challenge: Existing approaches to attack Large Language Model (LLM) tool-learning systems are black-box oriented and rely on static commands that cannot adapt flexibly to the changes in user queries and the invocation chain.
Approach: They propose a dynamic attack comment generation approach for information theft attacks in LLM tool-learning systems that mimics the familiar by inferring the information utilized by upstream tools.
Outcome: The proposed approach outperforms baselines with +13.2% ASRTheft and can be generalized to new tool-learning systems to expose their information leakage risks.
Are All Prompt Components Value-Neutral? Understanding the Heterogeneous Adversarial Robustness of Dissected Prompt in LLMs (2026.eacl-long)

Copied to clipboard

Challenge: Existing studies treat prompts as flat text, overlooking their internal structure, and different components within a prompt contribute unequally to robustness.
Approach: They propose a framework that decomposes prompts into functional components and a method that selectively modifies components to expose component-wise vulnerabilities.
Outcome: The proposed framework exposes component-wise vulnerabilities while ensuring linguistic plausibility through perplexity-based filtering.
One Shot Dominance: Knowledge Poisoning Attack on Retrieval-Augmented Generation Systems (2025.findings-emnlp)

Copied to clipboard

Challenge: Existing knowledge poisoning attacks against RAG systems require multiple poisoned documents or can only function effectively on simplistic queries.
Approach: They propose a more realistic knowledge poisoning attack that poisons only a single document while remaining effective for complex multi-hop questions involving complex relationships between multiple elements.
Outcome: The proposed attack achieves success by poisoning only a single document while remaining effective for complex multi-hop questions involving complex relationships between multiple elements.
All Changes May Have Invariant Principles: Improving Ever-Shifting Harmful Meme Detection via Design Concept Reproduction (2026.acl-long)

Copied to clipboard

Challenge: Existing methods for harmful meme detection only learn the combination of harmful elements and lack understanding of these implicit expressions.
Approach: They propose a method that detects harmful memes by replicating the design concept of malicious users.
Outcome: The proposed method achieves the highest accuracy with 81.1% and has slight accuracy decreases when generalized to type-shifting and temporal-evolving memes.
Know Thy Enemy: Securing LLMs Against Prompt Injection via Diverse Data Synthesis and Instruction-Level Chain-of-Thought Learning (2026.findings-acl)

Copied to clipboard

Challenge: Large language model (LLM)-integrated applications face security vulnerabilities from prompt injection (PI) attacks.
Approach: They propose a model enhancement method that synthesizes diverse training data and employs instruction-level chain-of-thought fine-tuning to enable LLMs to effectively identify and reject malicious instructions regardless of their source or position in the context.
Outcome: The proposed method outperforms baselines in three critical dimensions while maintaining utility performance without degradation.
SAGE: Synergistic Adaptive Gating of Experts for Hateful Video Detection (2026.acl-long)

Copied to clipboard

Challenge: Existing methods for hateful video detection rely on multimodal feature fusion . existing methods rely only on blind feature mixing, which leads to feature dilution .
Approach: They propose a framework that shifts from blind feature mixing to decision-level arbitration . it instantiates disentangled experts to rigorously preserve modality-specific semantics .
Outcome: The proposed framework outperforms state-of-the-art methods on HateMM and MultiHateClip benchmarks.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations