Yating Wu
The University of Texas at Austin
yating.wu@utexas.edu
Bio
Yixin Wu is a final-year Ph.D. student at the CISPA Helmholtz Center for Information Security, advised by Michael Backes and Yang Zhang. Her research focuses on trustworthy AI, particularly exploring vulnerabilities in AI systems, and on the responsible use of AI, especially tracing and detecting downstream use and misuse. Her work has been published in top-tier venues including USENIX Security, CCS, PoPETs, and EMNLP. She was also selected as a 2025 ML and Systems Rising Star and as a Young Researcher at the Heidelberg Laureate Forum.
Areas of Research
- Natural Language and Speech Processing
Question-Based Representations for Reliable and Adaptable Language Models
Emerging AI techniques continue to advance at an unprecedented pace, bringing transformative capabilities that are rapidly reshaping how we create, interact, and decide. Yet alongside this rapid progress come growing concerns, ranging from unsafe, biased, or inaccurate content to unintentional leakage of sensitive data. These issues are fundamentally data-driven, rooted in every stage of the AI lifecycle: from the data curation and training supply chains, to the machine learning algorithms, and finally to their downstream applications. My research approaches emerging risks from their origins, aiming to understand how they arise, develop frameworks to measure them, and build novel solutions. First, I assess whether the safety and bias issues in text-to-image models, largely stemming from flawed data curation, have been effectively mitigated throughout model evolution, despite developers' claims of improvement. Our findings reveal that both issues remain under-addressed, and one has further worsened over time. Second, I demonstrate that security vulnerabilities in the external training supply chain can be exploited to introduce new safety issues: text-to-image models can be manipulated to generate unsafe images from benign prompts. Next, I conduct a systematic measurement of privacy risks arising from training data memorization in visual prompt learning. I demonstrate that although the learned prompt is orders of magnitude smaller than the full model and heavily compresses the training data, it can still memorize and leak sensitive information, posing privacy risks. Finally, I turn to the deployment stage of the AI lifecycle, where the reuse of synthetic data generated by LLMs may raise growing concerns about societal bias and hallucinated content. To address this, I propose the first auditing framework for detecting whether synthetic data has been used in downstream applications, such as model development, thereby providing transparency into its reuse pathways within the AI lifecycle.