About Me

I am currently a Proleptic Lecturer in AI Safety at the University of York. My research focuses on Trustworthy and Privacy-preserving Machine Learning, particularly around security risks in modern AI systems, e.g., Backdoor Attacks, Membership Inference Attacks, Model Extraction Attacks in Large Language Models, Graph Neural Networks, and Multi-agent Systems. I’ve mostly worked at the intersection of machine learning and security, with the purpose of making modern AI systems more Robust, Secure, and Private.

Before that, I was a Postdoc researcher with the SprintML Lab at CISPA, working with Dr. Franziska Boenisch and Dr. Adam Dziedzic. Prior to that, I obtained my PhD degree with the Cybersecurity group at Delft University of Technology under the supervision of Prof.dr.ir. Inald Lagendijk, Dr. Stjepan Picek and Dr. Frans A. Oliehoek.

Research Interests

  • Security and Privacy of Machine Learning
  • Large Language Models
  • Graph Neural Networks

What’s New

  • [2026.04] I joined the University of York as a Proleptic Lecturer in AI Safety!
  • [2026.04] Joined the Program Committee of ESORICS’26.
  • [2026.03] Our paper titled “ADAGE: Active Defenses Against GNN Extraction” was accepted by AsiaCCS 2026!
  • [2026.02] I gave a talk in the Natural Language Processing (NLP) group, Aalborg University, Copenhagen, Denmark.
  • [2026.01] Our paper titled “Frequency-Domain Model Fingerprinting for Image Autoregressive Models” was accepted by AAAI 2026 Workshop AIGOV!
  • [2025.09] Our paper titled “Finding Memo(rization) in Graph Neural Networks” was accepted by NeurIPS 2025!
  • [2025.05] Our paper titled “Efficient and Privacy-Preserving Soft Prompt Transfer for LLMs” was accepted by ICML 2025!

Selected Publications

  • ADAGE: Active Defenses Against GNN Extraction. Jing Xu, Franziska Boenisch, Adam Dziedzic; AsiaCCS 2026. [arXiv]
  • Memorization in Graph Neural Networks. Adarsh Jamadandi*, Jing Xu, Adam Dziedzic, Franziska Boenisch; NeurIPS 2025. [arXiv]
  • Efficient and Privacy-Preserving Soft Prompt Transfer for LLMs. Xun Wang*, Jing Xu, Franziska Boenisch, Michael Backes, Christopher A. Choquette-Choo, Adam Dziedzic; ICML 2025. [PDF]
  • DP-GPL: Differentially Private Graph Prompt Learning. Jing Xu, Franziska Boenisch, Iyiola Emmanuel Olatunji, Adam Dziedzic; ICLR Workshop on Foundation Models in the Wild 2025. [PDF]
  • Watermarking Graph Neural Networks based on Backdoor Attacks. Jing Xu, Stefanos Koffas, Oguzhan Ersoy, Stjepan Picek; Euro S&P 2023. [PDF]
  • More is Better (Mostly): On the Backdoor Attacks in Federated Graph Neural Networks. Jing Xu, Rui Wang, Kaitai Liang, Stjepan Picek; ACSAC 2022. [PDF]
  • Explainability-based backdoor attacks against graph neural networks. Jing Xu, Minhui (Jason) Xue, Stjepan Picek; WiseML 2021. [PDF]