I am an incoming Lecturer (Assistant Professor) at the School of Information and Communication Technology (ICT), Griffith University, Australia. Previously, I was an AI Research Engineer at Quantstamp, building the next-generation AI firewall.
I received my Ph.D. from the School of Computer Science and Engineering at Nanyang Technological University (NTU), Singapore, advised by Prof. Yang Liu and Prof. Tianwei Zhang. I obtained my Bachelor’s degree from Southern University of Science and Technology (SUSTech) Summa Cum Laude (Top 10 in ~1000), advised by Prof. Yepang Liu.
My research focuses on LLM Security, AI Agent Security, and Software Engineering/Testing. I have published various papers at top venues including IEEE S&P, ACM CCS, USENIX Security, NDSS, ICSE, FSE, ACL, OOPSLA, and ASE. My work has been cited by OWASP LLM Top 10, NIST, Google DeepMind, and OpenAI. I am a core contributor to PentestGPT (11k+ stars) and have discovered security vulnerabilities in major AI coding agents including OpenHands, Claude Code, and Gemini CLI.
I am actively recruiting self-motivated PhD students and research interns. If you are interested in AI Security or Software Engineering research, please feel free to email me!
For prospective students: you are encouraged to get in touch with students I supervise to learn more about my team before/after contacting me.
News
- 2026: Joining Griffith University as Lecturer (Assistant Professor) at School of ICT.
- 2026: Two preprints on AI agent security — “Agent Skills in the Wild” and “Malicious Agent Skills.”
- 2026: Papers accepted at WWW 2026 and new work on supply-chain poisoning attacks.
- 2025: Papers accepted at CCS 2025, WWW 2025, ACL 2025, ASE 2025, PETS 2025.
- 2025: Awarded Anthropic Safety Bug Bounty x2.
- 2025: Most Innovation Paper Award at HMISA 2025.
- 2024: Received Distinguished Paper Award (AISCC) and Distinguished Reviewer Award (Forge).
- 2024: Received Chinese Government Award for Outstanding Self-financed Students Abroad.
- 2024: Papers accepted at USENIX Security 2024, ACL 2024, OOPSLA 2024, ASE 2024.
- 2024: Received the DALL-E Detection Classifier Access Program from OpenAI.
Selected Publications
For a full list, see the Publications page.
- Jailbreaking ChatGPT via Prompt Engineering: An Empirical Study. Yi Liu*, Gelei Deng*, Zhengzi Xu, Yuekang Li, Yaowen Zheng, Ying Zhang, Lida Zhao, Tianwei Zhang, Kailong Wang, Yang Liu. arXiv preprint arXiv:2305.13860, 2023.
- Prompt Injection Attack against LLM-Integrated Applications. Yi Liu*, Gelei Deng*, Yuekang Li, Kailong Wang, Zihao Wang, Xiaofeng Wang, Tianwei Zhang, Yepang Liu, Haoyu Wang, Yan Zheng, Leo Yu Zhang, Yang Liu. arXiv preprint arXiv:2306.05499, 2023.
- MasterKey: Automated Jailbreak Across Multiple Large Language Model Chatbots. Gelei Deng*, Yi Liu*, Yuekang Li, Kailong Wang, Ying Zhang, Zefeng Li, Haoyu Wang, Tianwei Zhang, Yang Liu. NDSS 2024.
- PentestGPT: Evaluating and Harnessing Large Language Models for Automated Penetration Testing. Gelei Deng, Yi Liu*, Víctor Mayoral-Vilches, Peng Liu, Yuekang Li, Yuan Xu, Tianwei Zhang, Yang Liu. USENIX Security 2024.
- A Comprehensive Study of Jailbreak Attack versus Defense for Large Language Models. Zihao Xu, Yi Liu, Gelei Deng, Yuekang Li, Stjepan Picek. ACL 2024 Findings.
- Automatic Web Testing Using Curiosity-Driven Reinforcement Learning. Yan Zheng*, Yi Liu*, Xiaofei Xie, Yepang Liu, Lei Ma, Jianye Hao, Yang Liu. ICSE 2021.
Awards & Honors
- 2025: Anthropic Safety Bug Bounty x2, Anthropic
- 2025: Most Innovation Paper Award, HMISA
- 2024: DALL-E Detection Classifier Access Program, OpenAI
- 2024: Distinguished Artifact Award, ACM USENIX Security
- 2024: Chinese Government Award for Outstanding Self-financed Students Abroad, CSC
- 2024: Distinguished Reviewer Award (Forge), Distinguished Paper Award (AISCC), Student Travel Grant (NDSS)
- 2023: SDSC Dissertation Fellowship, Global Skills Strategy Reception (University of Alberta)
- 2022: ACM Student Research Competition Second Place, ASE 2022 / FSE 2022
- 2020: Summa Cum Laude (Highest Honor, Top 10 in ~1000), SUSTech
- 2019: National Scholarship (0.2%, 8 quotas in 4000), Ministry of Education, China
- 2019: Testing Competition Champion x3 (ISSTA, QRS, ICST)
- 2019: Tencent Rhino-Bird Elite Training Program, SIGSOFT CAPS
- 2018: National Student Contest of Software Testing Grand Prize (Champion, 1/3243), IEEE Reliability Society
- 2017-2018: National Engagement Scholarship, ASC Student Supercomputer Challenge Second Class Prize, SUSTech First Class Scholarship
Education
- Jan 2021 - Sept 2024: Ph.D., School of Computer Science and Engineering, Nanyang Technological University (NTU), Singapore.
  - Advisors: Prof. Yang Liu and Prof. Tianwei Zhang
- 2016 - 2020: B.Eng., Department of Computer Science and Engineering, Southern University of Science and Technology (SUSTech), China.
  - Summa Cum Laude (Top 10 in ~1000)
Work Experience
- Oct 2024 - Present: AI Research Engineer, Quantstamp.
  - Building the next-generation AI firewall. Implemented full pipeline for code auditing, project scoping, and fuzzing by AI agents. Various 0-day vulnerabilities detected.
- May 2023 - Sept 2023: Research Intern, University of Alberta (Momentum Lab, Advisor: Lei Ma).
  - LLM testing and LLM security.
- Jul 2019 - Jul 2020: Application Research Intern, Tencent (Rhino-Bird Elite Program).
  - WeChat Mini Program Crash Analysis & Dynamic Analysis Framework.
- Sept 2018 - Nov 2018: Web Developer Intern, Baidu, Inc.
- Mar 2018 - Aug 2018: Software Developer, Amber AI.
Professional Service
PC Member / Reviewer:
- ICSE 2027, WWW 2025 & 2026, SIGIR 2025, ASE 2024, EASE 2024 & 2025, FORGE 2024, TDSC, TIFS, TOSEM, MSR 2024
Student Supervision
- Zhihao Chen (Griffith University)
- Yujiang Li (Griffith University)
- Ruoqi Guo (Griffith University)
- Zihao Xu (UNSW Sydney)
- Yuxi Li (HUST)
- Ziqi Ding (UNSW Sydney)
- Kexin Chen (ZJU)
- Haonan Zhang (ZJU)
Open Source Contributions & Vulnerability Discoveries
- PentestGPT (GitHub Stars: 11k+) — Core contributor to the LLM-empowered penetration testing tool.
- Discovered security vulnerabilities in major AI coding agents: OpenHands, Claude Code, Gemini CLI, and others.
