Who I Am
Hi there! I'm a Ph.D. student at Zhejiang University, working under the guidance of Shengyu Zhang and Keting Yin.
My research focuses on LLM/Agent Security, specifically:
- Adversarial Attacks, Knowledge Poisoning and Test-Time Attacks targeting agents
- Robust Agents and Guardrails against emerging threats
I'm passionate about making AI systems more secure and trustworthy as they become increasingly integrated into our daily lives.
If you're interested in my work or have ideas for collaboration, feel free to reach out via email.
News
Publications
Graph2Eval: Automatic Multimodal Task Generation for Agents via Knowledge Graphs
Yurun Chen, Xavier Hu, Yuhan Liu, Ziqi Wang, Zeyi Liao, Lin Chen, Feng Wei, Yuxi Qian, Bo Zheng, Keting Yin, Shengyu Zhang
We propose Graph2Eval, a knowledge graph-based framework that automatically generates both multimodal document comprehension tasks and web interaction tasks, enabling comprehensive evaluation of agents' reasoning, collaboration, and interactive capabilities.
EcoAgent: An Efficient Edge-Cloud Collaborative Multi-Agent Framework for Mobile Automation
Biao Yi, Xavier Hu, Yurun Chen, Shengyu Zhang, Hongxia Yang, Fan Wu, Fei Wu
We propose EcoAgent, an Edge-Cloud Collaborative multi-agent framework for mobile automation that features a closed-loop collaboration among cloud-based Planning Agent and edge-based Execution and Observation Agents. Experiments on AndroidWorld show that EcoAgent achieves task success rates comparable to cloud-based mobile agents while significantly reducing MLLM token consumption, enabling efficient and practical mobile automation.
Evaluating the Robustness of Multimodal Agents Against Active Environmental Injection Attacks
Yurun Chen, Xavier Hu, Keting Yin, Juncheng Li, Shengyu Zhang
This work introduces Active Environment Injection Attacks (AEIA), where attackers disguise malicious inputs as environmental elements to manipulate AI agents' decisions. By analyzing Android OS interactions, the study reveals two key vulnerabilities and proposes the AEIA-MN attack, which achieves up to 93% success against advanced MLLM-based agents.
OS Agents: A Survey on MLLM-based Agents for General Computing Devices Use
Xueyu Hu, Tao Xiong, Biao Yi, Zishu Wei, Ruixuan Xiao, Yurun Chen et al.
This survey explores OS Agents: (M)LLM-based agents that operate within OS environments (e.g., GUI, CLI) on computers, phones, and browsers to automate tasks. It reviews their core components, construction methods, and evaluation benchmarks, and outlines key challenges and future directions.
Venues:
- IEEE Transactions on Information Forensics and Security, 2025
- IEEE Transactions on Mobile Computing, 2025
- IEEE Transactions on Services Computing, 2024
Preprints
GUI-PRA: Process Reward Agent for GUI Tasks
Tao Xiong, Xavier Hu, Yurun Chen, Yuhang Liu, Changqiao Wu, Pengzhi Gao, Wei Liu, Jian Luan, Shengyu Zhang
To overcome the "lost in the middle" phenomenon and the lack of GUI change awareness in standard Process Reward Models (PRMs), we introduce GUI-PRA, a judge agent that employs a dynamic memory mechanism and an adaptive UI perception mechanism to provide more accurate process rewards for GUI tasks.
HarmonyGuard: Toward Safety and Utility in Web Agents via Adaptive Policy Enhancement and Dual-Objective Optimization
Yurun Chen, Xavier Hu, Yuhan Liu, Keting Yin, Juncheng Li, Zhuosheng Zhang, Shengyu Zhang
We propose HarmonyGuard, a multi-agent collaborative framework that leverages policy enhancement and objective optimization to jointly improve both utility and safety in web agents. Extensive evaluations show that HarmonyGuard improves policy compliance by up to 38% and task completion by up to 20% over existing baselines, while achieving over 90% policy compliance across all tasks.
SafePred: A Predictive Guardrail for Computer-Using Agents via World Models
Yurun Chen, Zeyi Liao, Ping Yin, Taotao Xie, Keting Yin, Shengyu Zhang
We introduce SafePred, a predictive guardrail for CUAs that goes beyond reactive safeguards to anticipate both short- and long-term risks. We predict future risks and guide decisions through step-level interventions and task-level re-planning, ensuring safer agent behavior. Our experiments show we can reduce high-risk actions by over 97% while improving task performance by up to 21%.
Honors and Awards
- 2025.06 Received the title of Outstanding Graduate of Beijing and the title of Top 100 Graduates of BJUT.
- 2024.10 Received Xiaomi Scholarship.
- 2024.09 Received National Scholarship.
- 2023.08 Provincial Second Prize in the Graduate Electronic Design Competition.
- 2023.02 Excellence Award in CCF&ATEC First Undergraduate Blockchain Security, Privacy Technology, and Innovative Application Competition.
Collaborators
- Juncheng Li - Zhejiang University
- Xavier Hu - Zhejiang University
- Biao Yi - Zhejiang University
- Yuhan Liu - Xiamen University
Reviewer Service
- Conference Reviewer: ACL'25, AAAI'26.