Sizhe Chen’s homepage
Biography
Hi! I am a Computer Science Ph.D. student at UC Berkeley, fortunately advised by Prof. David Wagner in Berkeley AI Research (BAIR). I am working as a visiting researcher with Chuan Guo at Meta FAIR and Nicholas Carlini at Google DeepMind, supported by two BAIR Commons with them. I got my M.Eng. (National Scholarship) and B.Eng. (Summa Cum Laude) from Shanghai Jiao Tong University advised by Prof. Xiaolin Huang and also with Prof. Cihang Xie.
My research focuses on AI security in real-world applications. I am currently working on prompt injection defenses (SecAlign, StruQ, Jatmo). Prompt injections are listed as the #1 threat to Large Language Model (LLM) Integrated Applications, where a trusted prompt is concatenated to an untrusted data (with potentially injected prompts) as the LLM input. To open up new opportunities for safely using LLMs in systems (e.g., as agents), my goal is to design fundamental defenses to secure LLMs against prompt injections. My work on trustworthy vision models is listed in my CV and (previous) SoP. Feel free to drop me an email to connect!
I am fortunate to have mentored lots of talented students (and some from underrepresentative groups): Jing Qian, Shutong Wu, Yingwen Wu, Zhixing Ye, Hend Alzahrani, and Zhengbao He.
Invited Talks
- Security Seminar (UC Berkeley), 2024
Prompt Injection Defenses by Structured Queries and Alignment Training - TMLR Young Scientist Seminar (Hong Kong Baptist University), 2024
Prompt Injection Defenses by Structured Queries and Alignment Training - ICLR 2023 (oral track), 2023
One-Pixel Shortcut: On the Learning Preference of Deep Neural Networks - Youth Ph.D. Talk (AI Time), 2023
On the Learning Preference of Deep Neural Networks - CVPR 2022 (oral track), 2022
Subspace Adversarial Training - Security Seminar (Northeastern University), 2022
Adversarial Attacks and Defenses
Selected Publications
- Aligning LLMs to Be Robust Against Prompt Injection
Sizhe Chen, Arman Zharmagambetov, Saeed Mahloujifar, Kamalika Chaudhuri, Chuan Guo
[ArXiv Preprint], [Code] - StruQ: Defending Against Prompt Injection with Structured Queries
Sizhe Chen, Julien Piet, Chawin Sitawarin, David Wagner
[USENIX Security’25], [Code] - One-Pixel Shortcut: On the Learning Preference of Deep Neural Networks
Shutong Wu*, Sizhe Chen*, Cihang Xie, Xiaolin Huang
[ICLR’23 (Spotlight)], [Code] - Adversarial Attack on Attackers: Post-Process to Mitigate Black-Box Score-Based Attacks
Sizhe Chen, Zhehao Huang, Qinghua Tao, Yingwen Wu, Cihang Xie, Xiaolin Huang
[NeurIPS’22], [Code] - Universal Adversarial Attack on Attention and the Resulting Dataset DAmageNet
Sizhe Chen, Zhengbao He, Chengjin Sun, Jie Yang, Xiaolin Huang
[TPAMI’22], [Code] - Subspace Adversarial Training
Tao Li, Yingwen Wu, Sizhe Chen, Kun Fang, Xiaolin Huang
[CVPR’22 (Oral)], [Code]
Services
- Reviewer: SaTML’25, CCS’24, ICML’24, NeurIPS’23, ICLR’23/24/25, CVPR’23/24, ICCV’23, ECCV’22/24, IEEE TPAMI, Machine Learning, Pattern Recognition
- UC Berkeley Computer Science Faculty Hiring Committee: 2024
- UC Berkeley Equal Access to Application Assistance (EAAA) Program Reviewer: 2024
Misc
- I love to lift weights, write blogs, play badminton, and attend concerts.
- I directed three 1K-spectator concerts.