🔥 Biography

I am a research fellow at Nanyang Technological University, working with Prof. Yang Liu. I received my Ph.D. Degree from the University of Chinese Academy of Sciences, advised by Professor Xiaochun Cao. My PhD research interests include computer vision, adversarial attack, adversarial training and reinforcement learning etc.

I was a visiting student (Remote) from February, 2023 to September, 2023 in the Torr Vision Group, University of Oxford. I was a research intern from March, 2022 to February, 2023 at Ali Group Security. I was a research intern from May, 2020 to February, 2022 at Tencent AI Lab.

At present, I am focused on issues related to the security of large models, including jailbreaking attacks on LLM (Large Language Models), adversarial transferability on VLM (Vision Language Models), and so on.

I am actively seeking highly self-motivated students who have a strong background and interests in my research topics (but are not limited). Please drop me an email with your CV if you are interested in working with me (Email: jiaxiaojunqaq@gmail.com). Together, we have the chance to embark on a gratifying journey, confronting real-world problems and achieving substantial, tangible impacts.

🎉 News

• 2026.02:   Two papers on Adversarial Attack for AI are accepted in CVPR2026.
• 2026.01:   One papers on Jailbreak Attack for Audio-LLM is accepted in TDSC2026.
• 2026.01:   Three papers on Jailbreak attack and defense for LLM/MLLM are accepted in ICLR2026.
• 2026.01:   One papers on Jailbreak Defense for T2I model is accepted in TIFS2026.

📝 Publications

✨ First Author

• Adversarial Attacks against Closed-Source MLLMs via Feature Optimal Alignment,
  Xiaojun Jia, Sensen Gao, Simeng Qin, Tianyu Pang, Chao Du, Yihao Huang, Xinfeng Li, Yiming Li, Bo Li, Yang Liu,
  Conference on Neural Information Processing Systems 2025 (NeurIPS 2025) | Project | Github

• Semantic-Aligned Adversarial Evolution Triangle for High-Transferability Vision-Language Attack,
  Xiaojun Jia, Sensen Gao, Qing Guo, Ke Ma, Yihao Huang, Simeng Qin, Yang Liu, Ivor Tsang Fellow, Xiaochun Cao,
  IEEE Transactions on Pattern Analysis and Machine Intelligence 2025 (TPAMI 2025) | Project | Github

• Improved techniques for optimization-based jailbreaking on large language models,
  Xiaojun Jia, Tianyu Pang, Chao Du, Yihao Huang, Jindong Gu, Yang Liu, Xiaochun Cao, Min Lin,
  International Conference on Learning Representations 2025 (ICLR 2025) | Project | Github

• Revisiting and Exploring Efficient Fast Adversarial Training via LAW: Lipschitz Regularization and Auto Weight Averaging,
  Xiaojun Jia, Yuefeng Chen, Xiaofeng Mao, Ranjie Duan, Jindong Gu, Rong Zhang, Hui Xue, Yang Liu, and Xiaochun Cao,
  IEEE Transactions on Information Forensics and Security 2024 (TIFS 2024) | Project | Github

• Improving Fast Adversarial Training with Prior-Guided Knowledge,
  Xiaojun Jia, Yong Zhang, Xingxing Wei, Baoyuan Wu, Ke Ma, Jue Wang, and Xiaochun Cao,
  IEEE Transactions on Pattern Analysis and Machine Intelligence 2024 (TPAMI 2024) | Project | Github

• Propagation is Better: Accelerating Single-Step Adversarial Training via Sampling Subnetwork,
  Xiaojun Jia, Jianshu Li, Jindong Gu, Yang Bai and Xiaochun Cao,
  IEEE Transactions on Information Forensics and Security 2024 (TIFS 2024) | Project | Github

• Prior-Guided Adversarial Initialization for Fast Adversarial Training,
  Xiaojun Jia, Yong Zhang, Xingxing Wei, Baoyuan Wu, Ke Ma, Jue Wang, Xiaochun Cao
  European Conference on Computer Vision 2022 (ECCV 2022) | Project | Github

• Boosting Fast Adversarial Training with Learnable Adversarial Initialization,
  Xiaojun Jia, Yong Zhang, Baoyuan Wu, Jue Wang, Xiaochun Cao
  IEEE Transactions on Image Processing 2022 (TIP 2022) | Project | Github

• LAS-AT: Adversarial Training with Learnable Attack Strategy(Oral),
  Xiaojun Jia, Yong Zhang, Baoyuan Wu, Ke Ma, Jue Wang, Xiaochun Cao
  Computer Vision and Pattern Recognition Conference 2022 (CVPR(Oral), 2022) | Project | Github

• Adv-watermark: A novel watermark perturbation for adversarial examples,
  Xiaojun Jia, Xingxing Wei, Xiaochun Cao, Xiaoguang Han
  Proceedings of the 28th ACM International Conference on Multimedia 2020 (ACM MM, 2020) | Project | Github

• Comdefend: An efficient image compression model to defend adversarial examples,
  Xiaojun Jia, Xingxing Wei, Xiaochun Cao, Hassan Foroosh
  Computer Vision and Pattern Recognition Conference 2019 (CVPR 2019) | Project | Github

🌟 Corresponding Author

• Casting a SPELL: Sentence Pairing Exploration for LLM Limitation-breaking,
  Yifan Huang, Xiaojun Jia(Corresponding Author), Wenbo Guo, Yuqiang Sun, Yihao Huang, Chong Wang, Yang Liu,
  The ACM International Conference on the Foundations of Software Engineering 2026 (FSE 2026) | Project | Github

• PhysPatch: A Physically Realizable and Transferable Adversarial Patch Attack for Multimodal Large Language Models-based Autonomous Driving Systems,
  Qi Guo, Xiaojun Jia(Corresponding Author), Shanmin Pang, Simeng Qin, Lin Wang, Ju Jia, Yang Liu, Qing Guo,
  The 40th Annual AAAI Conference on Artificial Intelligence 2026 (AAAI 2025) | Project | Github

• Geoshield: Safeguarding geolocation privacy from vision-language models via adversarial perturbations,
  Xinwei Liu, Xiaojun Jia(Corresponding Author), Yuan Xun, Simeng Qin, Xiaochun Cao,
  The 40th Annual AAAI Conference on Artificial Intelligence 2026 (AAAI 2025) | Project | Github

• SeCon-RAG: A Two-Stage Semantic Filtering and Conflict-Free Framework for Trustworthy RAG,
  Xiaonan Si, Meilin Zhu, Simeng Qin, Lijia Yu, Lijun Zhang, Shuaitong Liu, Xinfeng Li, Ranjie Duan, Yang Liu, Xiaojun Jia(Corresponding Author),
  Conference on Neural Information Processing Systems 2025 (NeurIPS 2025) | Project | Github

• Heuristic-Induced Multimodal Risk Distribution Jailbreak Attack for Multimodal Large Language Models,
  Teng Ma, Xiaojun Jia(Corresponding Author), Ranjie Duan, Xinfeng Li, Yihao Huang, Xiaoshuang Jia, Zhixuan Chu, Wenqi Ren,
  International Conference on Computer Vision 2025 (ICCV2025) | Project | Github

• Efficient Universal Goal Hijacking with Semantics-guided Prompt Organization,
  Yihao Huang, Chong Wang, Xiaojun Jia(Corresponding Author), Qing Guo, Felix Juefei-Xu, Jian Zhang, Yang Liu, Geguang Pu,
  Annual Meeting of the Association for Computational Linguistics 2025 (ACL2025) | Project

• Move: Effective and harmless ownership verification via embedded external features,
  Yiming Li, Linghui Zhu, Xiaojun Jia(Corresponding Author), Yang Bai, Yong Jiang, Shu-Tao Xia, Xiaochun Cao, Kui Ren,
  IEEE Transactions on Pattern Analysis and Machine Intelligence 2025 (TPAMI 2025) | Project | Github

• Scale-Invariant Adversarial Attack against Arbitrary-scale Super-resolution,
  Yihao Huang, Xin Luo, Qing Guo, Felix Juefei-Xu, Xiaojun Jia(Corresponding Author), Weikai Miao, Geguang Pu, Yang Liu
  IEEE Transactions on Information Forensics and Security 2025 (TIFS 2025) | Project | Github

• Perception-guided Jailbreak against Text-to-Image Models,
  Yihao Huang, Le Liang, Tianlin Li, Xiaojun Jia(Corresponding Author), Run Wang, Weikai Miao, Geguang Pu, Yang Liu
  Thirty-Ninth AAAI Conference on Artificial Intelligence (AAAI-25) | Project | Github

• Efficient Generation of Targeted and Transferable Adversarial Examples for Vision-Language Models via Diffusion Models,
  Qi Guo, Shanmin Pang, Xiaojun Jia(Corresponding Author), Yang Liu, Qing Guo
  IEEE Transactions on Information Forensics and Security 2025 (TIFS 2025) | Project | Github

• Multimodal Unlearnable Examples: Protecting Data against Multimodal Contrastive Learning,
  Xinwei Liu, Xiaojun Jia(Corresponding Author), Yuan Xun, Siyuan Liang, Xiaochun Cao,
  Proceedings of the 32nd ACM International Conference on Multimedia 2024 (ACM MM, 2024) | Project | Github

• Boosting Transferability in Vision-Language Attacks via Diversification along the Intersection Region of Adversarial Trajectory,
  Sensen Gao, Xiaojun Jia(Corresponding Author), Xuhong Ren, Ivor Tsang, and Qing Guo
  European Conference on Computer Vision 2024 (ECCV 2024) | Project | Github

• Texture Re-scalable Universal Adversarial Perturbation,
  Yihao Huang, Qing Guo, Felix Juefei-Xu, Ming Hu, Xiaojun Jia(Corresponding Author), Xiaochun Cao, Geguang Pu and Yang Liu,
  IEEE Transactions on Information Forensics and Security 2024 (TIFS 2024) | Project | [Github]

• Hide in Thicket: Generating Imperceptible and Rational Adversarial Perturbations on 3D Point Clouds,
  Tianrui Lou, Xiaojun Jia(Corresponding Author), Jindong Gu, Li Liu, Siyuan Liang, Bangyan He, Xiaochun Cao,
  Computer Vision and Pattern Recognition Conference 2024 (CVPR 2024) | Project | Github

• Minimalism is King! High-Frequency Energy-based Screening for Data-Efficient Backdoor Attacks,
  Yuan Xun, Xiaojun Jia(Corresponding Author), Jindong Gu, Xinwei Liu, Qing Guo, Xiaochun Cao,
  IEEE Transactions on Information Forensics and Security 2024 (TIFS 2024) | Project | [Github]

• Does Few-shot Learning Suffer from Backdoor Attacks?,
  Xinwei Liu, Xiaojun Jia(Corresponding Author), Jindong Gu, Yuan Xun, Siyuan Liang, Xiaochun Cao,
  Thirty-Eighth AAAI Conference on Artificial Intelligence (AAAI 2024)

• Generating Transferable 3D Adversarial Point Cloud via Random Perturbation Factorization,
  Bangyan He, Jian Liu, Yiming Li, Siyuan Liang, Jingzhi Li, Xiaojun Jia(Corresponding Author), Xiaochun Cao
  Association for the Advance of Artificial Intelligence 2023 (AAAI 2023) | Project | Github

• Watermark Vaccine: Adversarial Attacks to Prevent Watermark Removal,
  Xinwei Liu, Jian Liu, Yang Bai, Jindong Gu, Tao Chen, Xiaojun Jia(Corresponding Author), Xiaochun Cao
  European Conference on Computer Vision 2022 (ECCV 2022) | Project | Github

🎉 Professional Service

• Reviewer or Program Committee: CVPR, ICCV, ECCV, NeurIPS, ICML, ICLR, AAAI, IJCAI, ACM MM, IEEE TPAMI, IEEE TIP, IEEE TIFS, IEEE TDSC
• Senior Program Committee: AAAI-26-AIA
• Associate Editor: Pattern Recognition

🎖 Honors and Awards

• 2025.07 IJCAI 2025 Workshop & Challenge on Deepfake Detection, Localization, and Interpretability, Generative Large Model Security Track, 1st Place.
• 2024.08 CCDM 2024 Red Teaming Multimodal Large Language Model Security Challenge, 1st Place.
• 2023.12 NeurIPS 2023 Red Teaming Track - Base Model Subtrack, 3rd place.
• 2021.06 ACM MM2021 Security AI Challenger: Robust Logo Detection, 2nd place.
• 2021.11 Face security confrontation in OPPO Security Challenge, 2nd place.
• 2021 Best Paper of Adversarial for Good Award, ICML AdvML Workshop.

🚩 Organization

• 2024 Global Challenge for Safe and Secure LLMs.
• 2024 DataCon2024 Big Data Security Analysis Competition.

📖 Educations

• 2023.08 - now Nanyang Technological University, Research Fellow.
• 2018.06 - 2023.07 School of Cyberspace Security, University of Chinese Academy of Sciences, PhD.
• 2014.09 - 2018.06, School of Information Engineering, China University of Geosciences, Bachelor.

💬 Invited Talks

• 2025.04, 2025 Black Hat Asia - AI Summit, Singapore, Title “LLM Firewalls: Are They the Future of AI Security?”
• 2024.10, 2024 Patian White Hat Hacker Annual Ceremony, China, Title “The dual threat of large vision-language models: an in-depth exploration from adversarial to jailbreak attacks”
• 2024.07, 2024 World Al Conference & High-levelMeeting on Global Al Governance, China, Title “An in-depth exploration from machine learning safety to large model safety”

💻 Internships

• 2020.05 - 2022.02, Research Intern, Tencent AI Lab, Tencent, China.
• 2022.03 - 2023.07, Research Intern, Ali Group Security, China.