Tianshuo Cong

Tianshuo Cong

Tsinghua University

My name is Tianshuo Cong (丛天硕). I am currently a postdoctoral researcher (Shuimu Scholar, 水木学者) at the Institute for Advanced Study, Tsinghua University (IASTU) (清华大学高等研究院), hosted by Prof. Xiaoyun Wang (IACR Fellow). I received my Ph.D. degree from the Institute for Advanced Study, Tsinghua University in 2023. My Ph.D. advisor is Prof. Xiaoyun Wang. Before that, I got my B.Eng. degree from the Department of Electronic Engineering, Tsinghua University in 2017. Meanwhile, I was a visiting Ph.D. student from August 2021 to December 2023 at CISPA Helmholtz Center for Information Security in Saarbrücken, Germany, advised by Dr. Yang Zhang. My research interests include the safety, security, and privacy of artificial intelligence (e.g., large foundation models) and lightweight cipher design. I have published papers at top-tier security conferences including IEEE SP, ACM CCS, NDSS, and USENIX Security. Meanwhile, I have served as the PC members for security conferences such as RAID’25, EuroS&P’25, ACSAC’24, PETS’25/26, and SaTML’25, and I have also been the official invited reviewers for security journals (e.g., TIFS, TDSC, TOPS, etc) and AI conferences (e.g., ICML’25, NeurIPS’25, ICLR’25, etc). Notably, I lead a curated reading list on safety, security, and privacy of large models: Awesome-LM-SSP (Stars).

📍Education

  • 2017.07 - 2023.06, Ph.D., Institute for Advanced Study, Tsinghua University, Beijing, China
  • 2021.08 - 2023.01, Visiting Ph.D., CISPA Helmholtz Center for Information Security, Saarbrücken, Germany
  • 2013.06 - 2017.06, B.Eng., Department of Electronic Engineering, Tsinghua University, Beijing, China

📍Honors & Awards

  • NDSS’25 Distinguished Poster Award
  • CCS-LAMPS’24 Best Paper Award
  • Shuimu Tsinghua Scholar Program (2023-2025)
  • CACR Outstanding Doctoral Dissertation Award (2023)
  • 2nd Prize in Block Cipher Track, National Cryptographic Algorithm Design Competition (2021)

📍News

  • 2025.03: service I’ll serve on the Program Committee for PETS 2026.
  • 2025.03: service I’ll serve on the Program Committee for ACSAC 2025.
  • 2025.03: paper PEFTGuard got accepted in IEEE SP 2025!
  • 2025.02: award JailbreakEval won the Distinguished Poster Award of NDSS 2025!
  • 2025.02: service I’ll serve on the Program Committee for RAID 2025.
  • 2025.01: paper One paper got accepted in USENIX Security 2025!
  • 2024.12: paper Two papers got accepted in AAAI 2025!
  • 2024.11: paper One paper got accepted in NDSS Symposium 2025!

📍Publications

$^\star$: Equal contribution; $^\dagger$: Corresponding author

S&P'25

PEFTGuard: Detecting Backdoor Attacks Against Parameter-Efficient Fine-Tuning

Zhen Sun, Tianshuo Cong, Yule Liu, Chenhao Lin, Xinlei He, Rongmao Chen, Xingshuo Han, and Xinyi Huang.

IEEE Symposium on Security and Privacy (Oakland) 2025

[arxiv] [安全极客] (AR: 257/1740=14.8%, Cycle 2 AR: 151/1001=15.1%)

USENIX Sec'25

From Purity to Peril: Backdooring Merged Models From “Harmless” Benign Components

Lijin Wang, Jingjing Wang, Tianshuo Cong$^\dagger$, Xinlei He$^\dagger$, Zhan Qin, and Xinyi Huang

USENIX Security Symposium 2025

[paper]

NDSS'25

Safety Misalignment Against Large Language Models

Yichen Gong, Delong Ran, Xinlei He, Tianshuo Cong$^\dagger$, Anyu Wang$^\dagger$, and Xiaoyun Wang

NDSS Symposium 2025

[doi] [code] [slides] (AR: 211/1311=16.1%, AR Fall: 14.5%)

🎖️ Artifact Badges: Available, Functional, Reproduced

NDSS'25 Poster

JailbreakEval: An Integrated Safety Evaluator Toolkit for Assessing Jailbreaks Against Large Language Models

Delong Ran, Jinyuan Liu, Yichen Gong, Jingyi Zheng, Xinlei He, Tianshuo Cong$^\dagger$, and Anyu Wang

NDSS Symposium 2025 (Poster Session)

[arxiv] [poster] [code] Stars PyPI - Total Downloads (NDSS’25 Poster AR: 37/76=48.7%)

🏆 Distinguished Poster Award

AAAI'25

FigStep: Jailbreaking Large Vision-Language Models via Typographic Visual Prompts

Yichen Gong$^\star$, Delong Ran$^\star$, Jinyuan Liu, Conglei Wang, Tianshuo Cong$^\dagger$, Anyu Wang$^\dagger$, Sisi Duan, and Xiaoyun Wang

Annual AAAI Conference on Artificial Intelligence (AAAI) 2025

[pdf] [arxiv] [code] [slides] Stars (OR: 600/12957=4.6%, AR: 3032/12957=23.4%)

🎙️ Oral Presentation

AAAI'25

CL-Attack: Textual Backdoor Attacks via Cross-Lingual Triggers

Jingyi Zheng, Tianyi Hu, Tianshuo Cong, and Xinlei He

Annual AAAI Conference on Artificial Intelligence (AAAI) 2025

[pdf] [arxiv] [code] [安全极客,为机器立心] (AR: 3032/12957=23.4%)

CCS-LAMPS'24

Have You Merged My Model? On The Robustness of Large Language Model IP Protection Methods Against Model Merging

Tianshuo Cong, Delong Ran, Zesen Liu, Xinlei He, Jinyuan Liu, Yichen Gong, Qi Li, Anyu Wang, and Xiaoyun Wang

1st ACM Workshop on Large AI Systems and Models with Privacy and Safety Analysis (LAMPS)

[doi] [arxiv] [code] [slides]

🏆 Best Paper Award

S&P'24

Test-time Poisoning Attacks Against Test-time Adaptation Models

Tianshuo Cong, Xinlei He, Yun Shen, and Yang Zhang

IEEE Symposium on Security and Privacy (Oakland) 2024

[official] [pdf] [arxiv] [code] [slides] (AR: 261/1463=17.8%)

CCS'22

SSLGuard: A Watermarking Scheme for Self-supervised Learning Pre-trained Encoders

Tianshuo Cong, Xinlei He, and Yang Zhang

The ACM Conference on Computer and Communications Security (CCS) 2022

[official] [pdf] [arxiv] [code] [slides] (AR: 218/971=22.5%)

密码学报

分组密码算法FESH [pdf]

贾珂婷, 董晓阳, 魏淙洺, 李铮, 周海波, 丛天硕

密码学报 (Journal of Cryptologic Research)

🏆 全国密码算法设计竞赛(分组算法)二等奖

Under Review & Manuscript

  • SoK: Benchmarking Poisoning Attacks and Defenses in Federated Learning
    Heyi Zhang, Yule Liu, Xinlei He, Jun Wu, Tianshuo Cong, and Xinyi Huang.
    [arxiv]

  • Jailbreak Attacks and Defenses Against Large Language Models: A Survey
    Sibo Yi, Yule Liu, Zhen Sun, Tianshuo Cong, Xinlei He, Jiaxing Song, Ke Xu, and Qi Li.
    [arxiv]

  • On Evaluating The Performance of Watermarked Machine-Generated Texts Under Adversarial Attacks
    Zesen Liu, Tianshuo Cong, Xinlei He, and Qi Li.
    [arxiv]

  • Robustness Over Time: Understanding Adversarial Examples’ Effectiveness on Longitudinal Versions of Large Language Models
    Yugeng Liu$^\star$, Tianshuo Cong$^\star$, Zhengyu Zhao, Michael Backes, Yun Shen, and Yang Zhang.
    [arxiv]

Others

  • 隐私计算产品通用安全分级白皮书 (2024年)
    Led by Ant Group.
    [pdf]

📍Services

Session Chair

  • NDSS 2025 (Session 3D: AI Safety)

PC Member of Security and Privacy Conferences

  • EuroS&P 2025
  • ACSAC 2024, 2025
  • RAID 2025
  • PETS 2025, 2026
  • SaTML 2025
  • IWQoS 2025

Official Invited Reviewer of AI Conference

  • ICML 2025
  • NeurIPS 2024, 2025
  • ICLR 2025
  • CVPR 2024, 2025
  • AAAI 2025
  • KDD 2025
  • MM 2024
  • ACL 2024
  • ECCV 2024
  • AISTATS 2025

Official Invited Reviewer of Journals

  • IEEE Transactions on Information Forensics and Security (TIFS)
  • IEEE Transactions on Dependable and Secure Computing (TDSC)
  • ACM Transactions on Privacy and Security (TOPS)
  • ACM Transactions on Knowledge Discovery from Data (TKDD)
  • 《信息安全学报》(Journal of Cyber Security)

Organizer

  • A curated reading list on safety, security, and privacy of large models: Awesome-LM-SSP Stars

Ph.D. Thesis Defense Committee Secretary

  • Tairong Huang (Tsinghua University, 2024/05)
  • Shiduo Zhang (Tsinghua University, 2024/05)
  • Xiao Sui (Shandong University, 2024/05)
  • Han Wu (Shandong University, 2024/05)

📍Teaching

  • Lecturer of the tutorial on “Safety, Security, and Privacy of Foundation Models” at IEEE WIFS 2024, Rome, Italy (In English, ~4 hours).
  • Teaching Assistant of the Course “Advanced Numerical Analysis”, Fall 2019, Tsinghua University.
  • Teaching Assistant of the Course “Introduction to Information Science and Technology”, Spring 2018, Tsinghua University.

📍Miscellaneous