Zonghuan Xu

Fudan University, School of Mathematical Sciences. B.S. in Mathematics and Applied Mathematics, Xianghui Plan, expected 2028.

Contact: 2430XH10002@m.fudan.edu.cn

I am broadly interested in building more capable and trustworthy AI systems by revisiting fundamental assumptions and developing new problem formulations. My recent work spans embodied AI safety, human-grounded evaluation, continual-learning theory, and Human Model for trustworthy AI.

A recurring theme in my work is problem reframing: understanding VLA backdoors as action-level malicious primitives, disinformation evaluation as a question of human reader risk, forgetting as a task-distribution phenomenon, and human-related AI methods as part of a broader Human Model framework.

I am interested in Human Models as a long-term research direction, especially when suitable data, resources, or collaborations become available. More broadly, I aim to develop rigorous research on trustworthy AI and learning systems, combining theoretical analysis with empirical and system-level perspectives.

cv scholar orcid github arxiv openreview researchgate

publications

DropVLA: An Action-Level Backdoor Attack on Vision-Language-Action Models

Xu, Z., Li, J., Zhao, Y., Zheng, X., Ma, X., and Jiang, Y.-G.

arXiv:2510.10932v4, 2026. Under review at IROS 2026.

arXiv code

@misc{xu2026dropvla,
  title={{DropVLA}: An Action-Level Backdoor Attack on Vision-Language-Action Models},
  author={Xu, Zonghuan and Li, J. and Zhao, Y. and Zheng, X. and Ma, X. and Jiang, Y.-G.},
  year={2026},
  eprint={2510.10932},
  archivePrefix={arXiv},
  url={https://arxiv.org/abs/2510.10932},
  note={Under review at IROS 2026}
}

AttackVLA: Benchmarking Adversarial and Backdoor Attacks on Vision-Language-Action Models

Li, J., Zhao, Y., Zheng, X., Xu, Z., Li, Y., Ma, X., and Jiang, Y.-G.

arXiv:2511.12149v1, 2025.

arXiv

@misc{li2025attackvla,
  title={{AttackVLA}: Benchmarking Adversarial and Backdoor Attacks on Vision-Language-Action Models},
  author={Li, J. and Zhao, Y. and Zheng, X. and Xu, Zonghuan and Li, Y. and Ma, X. and Jiang, Y.-G.},
  year={2025},
  eprint={2511.12149},
  archivePrefix={arXiv},
  url={https://arxiv.org/abs/2511.12149}
}

Beyond Surface Judgments: Human-Grounded Risk Evaluation of LLM-Generated Disinformation

Xu, Z., Zheng, X., Wu, Y., and Ma, X.

arXiv:2604.06820v1, 2026. Under review at EMNLP 2026.

arXiv

@misc{xu2026disinformation,
  title={Beyond Surface Judgments: Human-Grounded Risk Evaluation of LLM-Generated Disinformation},
  author={Xu, Zonghuan and Zheng, X. and Wu, Y. and Ma, X.},
  year={2026},
  eprint={2604.06820},
  archivePrefix={arXiv},
  url={https://arxiv.org/abs/2604.06820},
  note={Under review at EMNLP 2026}
}

From Order to Distribution: A Spectral Characterization of Forgetting in Continual Learning

Xu, Z. and Ma, X.

arXiv:2604.13460v1, 2026. Under review at NeurIPS 2026.

arXiv

@misc{xu2026spectralforgetting,
  title={From Order to Distribution: A Spectral Characterization of Forgetting in Continual Learning},
  author={Xu, Zonghuan and Ma, X.},
  year={2026},
  eprint={2604.13460},
  archivePrefix={arXiv},
  url={https://arxiv.org/abs/2604.13460},
  note={Under review at NeurIPS 2026}
}

Human Model: The Missing Piece Toward Trustworthy AGI

Xu, Z., Ma, X., and Jiang, Y.-G.

OpenReview Archive, 2026. Position paper. Under review at NeurIPS 2026 Position Paper Track.

OpenReview

@misc{xu2026humanmodel,
  title={{Human Model}: The Missing Piece Toward Trustworthy AGI},
  author={Xu, Zonghuan and Ma, Xingjun and Jiang, Yu-Gang},
  year={2026},
  note={Position paper. Under review at NeurIPS 2026 Position Paper Track},
  howpublished={OpenReview Archive},
  url={https://openreview.net/forum?id=cnhqB8U1u8}
}

additional projects

World-Model Inputs for Atari Policies

Tested whether Atari policies benefit from world-model summaries in addition to raw observations, including a 26-game x 2-seed Atari100K experiment.

code

Fudan Sports Reservation Automation

Built a CPU-only reservation system with CAPTCHA data collection, neural recognition, segmentation, ordering algorithms, automated booking, and failure logging.

code

Learned Iterative Refinement for Quadratic-Root Prediction

Explored whether neural networks can act as iterative numerical solvers through one-shot baselines, learned refinement blocks, and an RL variant.

code