I am an incoming Lecturer (Assistant Professor) at the School of Information and Communication Technology (ICT), Griffith University, Australia. Previously, I was an AI Research Engineer at Quantstamp, building the next-generation AI firewall.

I received my Ph.D. from the School of Computer Science and Engineering at Nanyang Technological University (NTU), Singapore, advised by Prof. Tianwei Zhang. I obtained my Bachelor’s degree from Southern University of Science and Technology (SUSTech), graduating Summa Cum Laude (Top 10 in ~1000), advised by Prof. Yepang Liu.

My research focuses on LLM Security, AI Agent Security, and Software Engineering/Testing. I have published various papers at top venues including IEEE S&P, ACM CCS, USENIX Security, NDSS, ICSE, FSE, ACL, OOPSLA, and ASE. My work has been cited by OWASP LLM Top 10, OWASP Agentic Skills Top 10, NIST, Google DeepMind, and OpenAI. I am a core contributor to PentestGPT (11k+ stars) and have discovered security vulnerabilities in major AI coding agents including OpenHands, Claude Code, and Gemini CLI.

I am actively recruiting self-motivated PhD students and research interns. If you are interested in AI Security or Software Engineering research, please feel free to email me!

For prospective students: you are encouraged to get in touch with students I supervise to learn more about my team before/after contacting me.

News

  • 2026: Two papers accepted at USENIX Security 2026 — on detecting malicious agent skills and defending jailbreak attacks via manifold trajectory kinetics.
  • 2026: Joining Griffith University as Lecturer (Assistant Professor) at School of ICT.
  • 2026: Two preprints on AI agent security — “Agent Skills in the Wild” and “Malicious Agent Skills.”
  • 2026: Papers accepted at WWW 2026 and new work on supply-chain poisoning attacks.
  • 2025: Papers accepted at CCS 2025, WWW 2025, ACL 2025, ASE 2025, PETS 2025.
  • 2025: Awarded Anthropic Safety Bug Bounty x2.
  • 2025: Most Innovation Paper Award at HMISA 2025.
  • 2024: Received Distinguished Paper Award (AISCC) and Distinguished Reviewer Award (Forge).
  • 2024: Received Chinese Government Award for Outstanding Self-financed Students Abroad.
  • 2024: Papers accepted at USENIX Security 2024, ACL 2024, OOPSLA 2024, ASE 2024.
  • 2024: Received the DALL-E Detection Classifier Access Program from OpenAI.

Selected Publications

For a full list, see the Publications page.

  • Jailbreaking ChatGPT via Prompt Engineering: An Empirical Study. Yi Liu*, Gelei Deng*, Zhengzi Xu, Yuekang Li, Yaowen Zheng, Ying Zhang, Lida Zhao, Tianwei Zhang, Kailong Wang, Yang Liu. arXiv preprint arXiv:2305.13860, 2023.

  • Prompt Injection Attack against LLM-Integrated Applications. Yi Liu*, Gelei Deng*, Yuekang Li, Kailong Wang, Zihao Wang, Xiaofeng Wang, Tianwei Zhang, Yepang Liu, Haoyu Wang, Yan Zheng, Leo Yu Zhang, Yang Liu. arXiv preprint arXiv:2306.05499, 2023.

  • MasterKey: Automated Jailbreak Across Multiple Large Language Model Chatbots. Gelei Deng*, Yi Liu*, Yuekang Li, Kailong Wang, Ying Zhang, Zefeng Li, Haoyu Wang, Tianwei Zhang, Yang Liu. NDSS 2024.

  • PentestGPT: Evaluating and Harnessing Large Language Models for Automated Penetration Testing. Gelei Deng, Yi Liu*, Víctor Mayoral-Vilches, Peng Liu, Yuekang Li, Yuan Xu, Tianwei Zhang, Yang Liu. USENIX Security 2024.

  • A Comprehensive Study of Jailbreak Attack versus Defense for Large Language Models. Zihao Xu, Yi Liu, Gelei Deng, Yuekang Li, Stjepan Picek. ACL 2024 Findings.

  • Automatic Web Testing Using Curiosity-Driven Reinforcement Learning. Yan Zheng*, Yi Liu*, Xiaofei Xie, Yepang Liu, Lei Ma, Jianye Hao, Yang Liu. ICSE 2021.

Awards & Honors

  • 2025: Anthropic Safety Bug Bounty x2, Anthropic
  • 2025: Most Innovation Paper Award, HMISA
  • 2024: DALL-E Detection Classifier Access Program, OpenAI
  • 2024: Distinguished Artifact Award, ACM USENIX Security
  • 2024: Chinese Government Award for Outstanding Self-financed Students Abroad, CSC
  • 2024: Distinguished Reviewer Award (Forge), Distinguished Paper Award (AISCC), Student Travel Grant (NDSS)
  • 2023: SDSC Dissertation Fellowship, Global Skills Strategy Reception (University of Alberta)
  • 2022: ACM Student Research Competition Second Place, ASE 2022 / FSE 2022
  • 2020: Summa Cum Laude (Highest Honor, Top 10 in ~1000), SUSTech
  • 2019: National Scholarship (0.2%, 8 quotas in 4000), Ministry of Education, China
  • 2019: Testing Competition Champion x3 (ISSTA, QRS, ICST)
  • 2019: Tencent Rhino-Bird Elite Training Program, SIGSOFT CAPS
  • 2018: National Student Contest of Software Testing Grand Prize (Champion, 1/3243), IEEE Reliability Society
  • 2017-2018: National Engagement Scholarship, ASC Student Supercomputer Challenge Second Class Prize, SUSTech First Class Scholarship

Education

  • Jan 2021 - Sept 2024: Ph.D., School of Computer Science and Engineering, Nanyang Technological University (NTU), Singapore.
  • 2016 - 2020: B.Eng., Department of Computer Science and Engineering, Southern University of Science and Technology (SUSTech), China.
    • Summa Cum Laude (Top 10 in ~1000)

Work Experience

  • Oct 2024 - Present: AI Research Engineer, Quantstamp.
    • Building the next-generation AI firewall. Implemented full pipeline for code auditing, project scoping, and fuzzing by AI agents. Various 0-day vulnerabilities detected.
  • May 2023 - Sept 2023: Research Intern, University of Alberta (Momentum Lab, Advisor: Lei Ma).
    • LLM testing and LLM security.
  • Jul 2019 - Jul 2020: Application Research Intern, Tencent (Rhino-Bird Elite Program).
    • WeChat Mini Program Crash Analysis & Dynamic Analysis Framework.
  • Sept 2018 - Nov 2018: Web Developer Intern, Baidu, Inc.
  • Mar 2018 - Aug 2018: Software Developer, Amber AI.

Professional Service

PC Member / Reviewer:

  • ICSE 2027, WWW 2025 & 2026, SIGIR 2025, CIKM 2026, ASE 2024, EASE 2024 & 2025, FORGE 2024, TDSC, TIFS, TOSEM, MSR 2024

Student Supervision

  • Zhihao Chen (Griffith University)
  • Yujiang Li (Griffith University)
  • Ruoqi Guo (Griffith University)
  • Zihao Xu (UNSW Sydney)
  • Yuxi Li (HUST)
  • Ziqi Ding (UNSW Sydney)
  • Kexin Chen (ZJU)
  • Haonan Zhang (ZJU)
  • Yue Wang (NJU)
  • Zihan Liu (ZJU)
  • Geng Li (WFU)

Open Source Contributions & Vulnerability Discoveries

  • PentestGPT (GitHub Stars: 11k+) — Core contributor to the LLM-empowered penetration testing tool.
  • Discovered security vulnerabilities in major AI coding agents: OpenHands, Claude Code, Gemini CLI, and others.