DUANYI YAO
AI Security · Trustworthy ML · Agentic Systems

Duanyi Yao

I am a postdoctoral researcher at the CMU Safe AI Lab, where I work on blockchain agent validation — building agentic AI systems that audit and verify on-chain transactions. My broader research studies the safety and security of machine learning systems, spanning multimodal models, federated learning, and agentic AI. I completed my PhD at HKUST, advised by Prof. Songze Li and Prof. Yangqiu Song.

Portrait of Duanyi Yao
Research
What I work on

My research studies how modern AI systems fail — and how to make them safer. I uncover vulnerabilities in vision-language models and federated learning systems, design privacy-preserving and robust learning methods, and build agentic AI systems for high-stakes domains such as blockchain security and automated DeFi auditing.

LLM/VLM Safety

Backdoors, memorization, hidden behaviors, evaluation, and safety risks in multimodal foundation models.

Federated Learning Security

Privacy attacks, reconstruction risks, adversarial robustness, and secure vertical federated learning.

Agentic AI for Security

Auditable LLM agents, dynamic validation graphs, and failure attribution for security-critical workflows.

Trustworthy ML Systems

Building reliable ML pipelines that connect algorithmic guarantees with practical deployment constraints.

Experience
Research appointments
Postdoctoral Researcher · Carnegie Mellon University

Building agentic AI systems for blockchain agent validation — integrating graph-of-thought reasoning with on-chain validation pipelines for automated DeFi auditing. Also developing RL-based autonomous agents with intrinsic-motivation skill discovery.

Blockchain Agent Validation Agentic AI Reinforcement Learning
Research Scientist Consultant · NAVA Labs

Built an auditable LLM validation agent for DeFi security with node-level failure attribution. Designed a graph-based validation pipeline evaluated on 18K+ transactions across three protocols.

LLM Agents DeFi Security Failure Attribution
Research Intern · Ant Group

Developed Hidden Ads, a behavior-triggered semantic backdoor attack for advertisement injection in vision-language models, revealing emerging multimodal threat vectors.

VLM Security Backdoor Attacks Multimodal AI
Selected Publications
Full list on Google Scholar
Hidden Ads: Behavior-Triggered Semantic Backdoors for Advertisement Injection in Vision–Language Models
Under Review D. Yao, C. Li, Z. Huang, C. Hong, S. Li
Auditable LLM Arbiter for DeFi Security: A Hybrid Graph-of-Thoughts Approach to Intent–Transaction Alignment
NDSS LAST-X '26 D. Yao, S. Jagannath, B. Aroso, V. Krishnan, D. Zhao
URVFL: Undetectable Data Reconstruction Attack on Vertical Federated Learning
NDSS 2025 D. Yao, S. Li, X. Gong, S. Hou, G. Pan
DeDe: Detecting Backdoor Samples for SSL Encoders via Decoders
CVPR 2025 S. Hou, S. Li, D. Yao
Constructing Adversarial Examples for Vertical Federated Learning: Optimal Client Corruption through Multi-Armed Bandit
ICLR 2024 D. Yao, S. Li, Y. Xue, J. Liu
HiFGL: A Hierarchical Framework for Cross-silo Cross-device Federated Graph Learning
KDD 2024 Z. Guo, D. Yao, Q. Yang, H. Liu
PrivLM-Bench: A Multi-Level Privacy Evaluation Benchmark for Language Models
ACL 2024 H. Li, D. Guo, D. Li, et al., D. Yao, Y. Yao, Y. Song
FedVS: Straggler-Resilient and Privacy-Preserving Vertical Federated Learning for Split Models
ICML 2023 S. Li, D. Yao, J. Liu
Skills & Service
Technical profile
Research
LLM/VLM safety, adversarial robustness, privacy-preserving ML, vertical federated learning, reinforcement learning, agentic AI, blockchain security.
Engineering
Python, PyTorch, distributed training, DeepSpeed, Docker, Git, W&B, LLM evaluation pipelines, agentic LLM systems.
Service
Reviewer for NeurIPS, ICLR, ICML, AISTATS, IEEE TPDS · Local Arrangement Chair, IAVVC 2024.
Education
Ph.D. in Computer Science, HKUST, 2021–2026 · B.E. in Electronic Information Engineering, UESTC, 2017–2021.

Research interests meet real-world security.

I am interested in research scientist, applied scientist, and ML/security roles where I can build trustworthy AI systems — especially at the intersection of foundation models, autonomous agents, privacy, and security-critical applications.