Zihao Zhu

zihaozhu@link.cuhk.edu.cn

Hi, this is Zihao Zhu (朱梓豪). I am currently a Ph.D. candidate in Data Science at The Chinese University of Hong Kong, Shenzhen, under the supervision of Prof. Baoyuan Wu. During my Ph.D., I have been closely collaborating with Prof. Siwei Lyu at the University at Buffalo, SUNY. Previously, I received my Master’s degree from the Institute of Information Engineering at the University of Chinese Academy of Sciences in 2021, and my Bachelor’s degree from China University of Mining and Technology in 2018.

My research focuses on Trustworthy AI, encompassing the safety and reliability of AI systems across multiple dimensions. Specifically, my work covers LLM safety and alignment, reasoning model robustness, embodied AI agent safety, data governance, and adversarial and backdoor attack/defense.

I am currently on the job market and seeking full-time opportunities in academia or industry. I would be delighted to connect if you have relevant openings or suggestions.

News

Jan 30, 2026	Two papers have been accepted to ICLR 2026!
Sep 25, 2025	One open-source project I participated in “Loong: Synthesize Long Chain-of-Thoughts at Scale through Verifiers” has been accepted to NeurIPS 2025 workshop on LAW!
Sep 25, 2025	Our work “To Think or Not to Think: Exploring the Unthinking Vulnerability in Large Reasoning Models” has been accepted to NeurIPS 2025 workshop on FoRLM!
Sep 10, 2025	Our survey “Defenses in adversarial machine learning: A survey” has been accepted to IEEE TPAMI!
Sep 01, 2025	Our survey “Attacks in adversarial machine learning: A systematic survey from the life-cycle perspective” has been accepted to IJCV!

Selected Publications (Full)

ICLR

AdvChain: Adversarial Chain-of-Thought Tuning for Robust Safety Alignment of Large Reasoning Models

Zihao Zhu , Xinyu Wu, Gehan Hu, Siwei Lyu, Ke Xu, and Baoyuan Wu

In International Conference on Learning Representations (ICLR), 2026

Bib PDF

@inproceedings{zhu2026advchain,
  title = {AdvChain: Adversarial Chain-of-Thought Tuning for Robust Safety Alignment of Large Reasoning Models},
  author = {Zhu, Zihao and Wu, Xinyu and Hu, Gehan and Lyu, Siwei and Xu, Ke and Wu, Baoyuan},
  booktitle = {International Conference on Learning Representations (ICLR)},
  year = {2026},
}

ICLR

Reliable Poisoned Sample Detection against Backdoor Attacks Enhanced by Sharpness Aware Minimization

Mingda Zhang, Mingli Zhu, Zihao Zhu , and Baoyuan Wu

In International Conference on Learning Representations (ICLR), 2026

Bib PDF

@inproceedings{zhang2024reliable,
  title = {Reliable Poisoned Sample Detection against Backdoor Attacks Enhanced by Sharpness Aware Minimization},
  author = {Zhang, Mingda and Zhu, Mingli and Zhu, Zihao and Wu, Baoyuan},
  booktitle = {International Conference on Learning Representations (ICLR)},
  year = {2026},
}

NeurIPS

To Think or Not to Think: Exploring the Unthinking Vulnerability in Large Reasoning Models

Zihao Zhu , Hongbao Zhang, Ruotong Wang, Xu Ke, Lyu Siwei, and Baoyuan Wu

In NeurIPS 2025 Workshop on Foundations of Reasoning in Language Models, 2025

Bib PDF Code

@inproceedings{zhu2025unthinking,
  title = {To Think or Not to Think: Exploring the Unthinking Vulnerability in Large Reasoning Models},
  author = {Zhu, Zihao and Zhang, Hongbao and Wang, Ruotong and Ke, Xu and Siwei, Lyu and Wu, Baoyuan},
  booktitle = {NeurIPS 2025 Workshop on Foundations of Reasoning in Language Models},
  year = {2025},
}

TPAMI

Defenses in adversarial machine learning: A survey

Baoyuan Wu, Mingli Zhu, Meixi Zheng, Zihao Zhu , Shaokui Wei, Mingda Zhang, Hongrui Chen, Danni Yuan, Li Liu, and Qingshan Liu

IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 2025

Bib PDF

@article{wu2025defenses,
  title = {Defenses in adversarial machine learning: A survey},
  author = {Wu, Baoyuan and Zhu, Mingli and Zheng, Meixi and Zhu, Zihao and Wei, Shaokui and Zhang, Mingda and Chen, Hongrui and Yuan, Danni and Liu, Li and Liu, Qingshan},
  journal = {IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI)},
  year = {2025},
}

TPAMI

BlackboxBench: A Comprehensive Benchmark of Black-box Adversarial Attacks

Meixi Zheng, Xuanchen Yan, Zihao Zhu , Hongrui Chen, and Baoyuan Wu

IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 2025

Bib PDF Code Website

@article{zheng2025blackboxbench,
  title = {BlackboxBench: A Comprehensive Benchmark of Black-box Adversarial Attacks},
  author = {Zheng, Meixi and Yan, Xuanchen and Zhu, Zihao and Chen, Hongrui and Wu, Baoyuan},
  journal = {IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI)},
  year = {2025},
}

IJCV

BackdoorBench: A Comprehensive Benchmark and Analysis of Backdoor Learning

Baoyuan Wu, Hongrui Chen, Mingda Zhang, Zihao Zhu , Shaokui Wei, Danni Yuan, Mingli Zhu, Ruotong Wang, Li Liu, and Chao Shen

International Journal of Computer Vision (IJCV), 2025

Bib PDF

@article{wu2025backdoorbench,
  title = {BackdoorBench: A Comprehensive Benchmark and Analysis of Backdoor Learning},
  author = {Wu, Baoyuan and Chen, Hongrui and Zhang, Mingda and Zhu, Zihao and Wei, Shaokui and Yuan, Danni and Zhu, Mingli and Wang, Ruotong and Liu, Li and Shen, Chao},
  journal = {International Journal of Computer Vision (IJCV)},
  year = {2025},
}

ICLR

VDC: Versatile Data Cleanser based on Visual-Linguistic Inconsistency by Multimodal Large Language Models

Zihao Zhu , Mingda Zhang, Shaokui Wei, Bingzhe Wu, and Baoyuan Wu

In International Conference on Learning Representations (ICLR), 2024

Bib PDF Code Website

@inproceedings{zhu2024vdc,
  title = {VDC: Versatile Data Cleanser based on Visual-Linguistic Inconsistency by Multimodal Large Language Models},
  author = {Zhu, Zihao and Zhang, Mingda and Wei, Shaokui and Wu, Bingzhe and Wu, Baoyuan},
  booktitle = {International Conference on Learning Representations (ICLR)},
  year = {2024},
}

TPAMI

Versatile Backdoor Attack with Visible, Semantic, Sample-Specific, and Compatible Triggers

Ruotong Wang, Hongrui Chen, Zihao Zhu , Li Liu, and Baoyuan Wu

IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 2024

Bib PDF

@article{wang2024versatile,
  title = {Versatile Backdoor Attack with Visible, Semantic, Sample-Specific, and Compatible Triggers},
  author = {Wang, Ruotong and Chen, Hongrui and Zhu, Zihao and Liu, Li and Wu, Baoyuan},
  journal = {IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI)},
  year = {2024},
}

NeurIPS

BackdoorBench: A Comprehensive Benchmark of Backdoor Learning

Baoyuan Wu, Hongrui Chen, Mingda Zhang, Zihao Zhu , Shaokui Wei, Danni Yuan, and Hongyuan Zha

In Advances in Neural Information Processing Systems (NeurIPS), 2022

Bib PDF Code Website

@inproceedings{wu2022backdoorbench,
  title = {BackdoorBench: A Comprehensive Benchmark of Backdoor Learning},
  author = {Wu, Baoyuan and Chen, Hongrui and Zhang, Mingda and Zhu, Zihao and Wei, Shaokui and Yuan, Danni and Zha, Hongyuan},
  booktitle = {Advances in Neural Information Processing Systems (NeurIPS)},
  year = {2022},
}

ICASSP

From Shallow to Deep: Compositional Reasoning over Graphs for Visual Question Answering

Zihao Zhu

In IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), 2022

Bib PDF

@inproceedings{zhu2022shallow,
  title = {From Shallow to Deep: Compositional Reasoning over Graphs for Visual Question Answering},
  author = {Zhu, Zihao},
  booktitle = {IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)},
  year = {2022},
}

Cross-Modal Knowledge Reasoning for Knowledge-based Visual Question Answering

Jing Yu, Zihao Zhu , Yujing Wang, Weifeng Zhang, Yue Hu, and Jianlong Tan

Pattern Recognition (PR), 2020

Bib PDF

@article{yu2020cross,
  title = {Cross-Modal Knowledge Reasoning for Knowledge-based Visual Question Answering},
  author = {Yu, Jing and Zhu, Zihao and Wang, Yujing and Zhang, Weifeng and Hu, Yue and Tan, Jianlong},
  journal = {Pattern Recognition (PR)},
  year = {2020},
}

IJCAI

Mucko: Multi-Layer Cross-Modal Knowledge Reasoning for Fact-based Visual Question Answering

Zihao Zhu , Jing Yu, Yujing Wang, Yajing Sun, Yue Hu, and Qi Wu

In Proceedings of the International Joint Conference on Artificial Intelligence (IJCAI), 2020

Bib PDF

@inproceedings{zhu2020mucko,
  title = {Mucko: Multi-Layer Cross-Modal Knowledge Reasoning for Fact-based Visual Question Answering},
  author = {Zhu, Zihao and Yu, Jing and Wang, Yujing and Sun, Yajing and Hu, Yue and Wu, Qi},
  booktitle = {Proceedings of the International Joint Conference on Artificial Intelligence (IJCAI)},
  year = {2020},
}

Latest Posts

Jan 30, 2026	How to Write a Good Rebuttal