🧐 About Me

Hi there! I am a second-year PhD student in Computer Science at ETH Zurich, under the supervision of Prof. Florian Tramèr, and a member of the Secure and Private AI (SPY) Lab.

I completed my master’s degree in Software Engineering at Zhejiang University in March 2023, advised by Prof. Chao Wu.

Before that, I received my Bachelor’s degree at Hainan University in July 2020.

Research Interests:

🤔 For my PhD study, my primary focus is on examining the potential security and privacy risks in ML systems, both in their current state and as they evolve in the future. My research aims to uncover vulnerabilities and develop strategies to mitigate these risks, ultimately contributing to the development of more secure and privacy-preserving machine learning technologies.

🔥 News

📒 Blogs

(Our lab has very nice 📚 Blogs about AI security and privacy, highly recommended for reading!)

📝 Selected Publications

( * indicates equal contribution. Full list of publications)

Preprint

The Jailbreak Tax: How Useful are Your Jailbreak Outputs?

Kristina Nikolić, Luze Sun, Jie Zhang, Florian Tramèr

[Preprint]

SaTML 2025

Position: Membership Inference Attacks Cannot Prove that a Model Was Trained On Your Data

Jie Zhang, Debeshee Das, Gautam Kamath, Florian Tramèr

[IEEE SaTML 2025]

CCS 2024

Evaluations of Machine Learning Privacy Defenses are Misleading

Michael Aerni*, Jie Zhang*, Florian Tramèr

[ACM CCS 2024]

IEEE SP 2025, DLSP workshop

Position: Adversarial ML Problems Are Getting Harder to Solve and to Evaluate

Javier Rando*, Jie Zhang*, Nicholas Carlini, Florian Tramèr

[IEEE SP 2025, DLSP workshop]

ICLR 2025
IEEE SP 2025, DLSP workshop

Blind Baselines Beat Membership Inference Attacks for Foundation Models

Debeshee Das, Jie Zhang, Florian Tramèr

[IEEE SP 2025, DLSP workshop]

NeurIPS 2024

AgentDojo: A Dynamic Environment to Evaluate Prompt Injection Attacks and Defenses for LLM Agents

Edoardo Debenedetti, Jie Zhang, Mislav Balunović, Luca Beurer-Kellner, Marc Fischer, Florian Tramèr

[NeurIPS 2024 Dataset & Benchmark Track]

🎤 Talks

  • ResearchTrend Connect (2024.12)
    "Membership Inference Attacks Cannot Prove that a Model Was Trained On Your Data" [paper]
  • Google, Differential Privacy for ML (2025.04)
    "Membership Inference Attacks Cannot Prove that a Model Was Trained On Your Data" [paper]

🎖 Honors and Awards

  • 2021.05 First prize at the CVPR 2021 Workshop on Adversarial Machine Learning in Real-World Computer Vision Systems and Online Challenges (rank: 1 / 1558).
  • 2022.10 China National Scholarship, Zhejiang University.
  • Outstanding Student Scholarship, First Prize, Hainan University, 2018, 2019, 2020.

📖 Education

  • 🎓 2020.09 - 2023.03, Master's, Zhejiang University, China.
  • 🎓 2016.09 - 2020.06, Bachelor's, Hainan University, China.

💬 Services

  • Journal Reviewer:
    • IEEE Transactions on Neural Networks and Learning Systems
    • Neural Networks
    • IEEE Transactions on Pattern Analysis and Machine Intelligence
  • Conference Reviewer: ICLR, AAAI, CVPR, ICML, ECCV, ICCV, NeurIPS.

💻 Internships

🎙 Miscellaneous

Travel

I enjoy traveling with my family and friends. I am always excited to visit new places and learn about different cultures.

My cat

My girlfriend and I have three cats together; they are very adorable and have brought a lot of fun to our lives!