Zikui Cai

I am a postdoctoral associate at University of Maryland, College Park working with Furong Huang and Tom Goldstein. I obtained my Ph.D. from Electrical and Computer Engineering at the University of California, Riverside, under the guidance of M. Salman Asif. Originally from Wuhan, the "River City" of China, I completed my B.S. in Automation at Wuhan University of Technology. I am currently on the job market for faculty and research positions starting in Fall 2026.

My research focuses on understanding and enabling reliable long-horizon behavior in autonomous agents and robotic systems, with an emphasis on memory, adaptation, and robustness through interaction with the environment.

Research Interests

    World Modeling and Multimodal Reasoning
  • Multi-modal reasoning across vision, language, and action [ MORSE, Zebra-COT ]
  • Embodied AI for navigation and manipulation in robotics [ TraceGen ]
    • Safety, Alignment, and Model Adaptation
  • Agentic safety and alignment in multi-agent ecosystems [ AegisLLM ]
  • Controllable and safe AI via model editing and unlearning [ SLUG, Robust Eval ]
  • Enhancing user privacy via de-identification while preserving utility [ Disguise ]
    • Robust Perception and Decision-Making
  • Exposing model vulnerabilities via efficient blackbox attacks [ BASES, EBAD, Context-Aware-Attacks, ZQA ]
  • Detecting adversarial attacks using language models [ SCENE-Lang ]
  • Improving physical sensing via end-to-end optimization [ Learn PR, Learn CDI ]

News

  • [Mar. 2026] Low-Frequency Trap on VLM Temporal Reasoning Evaluation has been accepted to ICLR 2026 ICBNB @ Rio de Janeiro.
  • [Feb. 2026] TraceGen on 3D Trace Generation for Robotic Manipulation has been accepted to CVPR 2026 @ Denver.
  • [Jan. 2026] Zebra-CoT on Interleaved Vision-Language Reasoning has been accepted to ICLR 2026 @ Rio de Janeiro.
  • [Jun. 2025] Our paper on Efficient Training for VLM has been accepted to ICCV 2025 @ Honolulu.
  • [Jun. 2025] Our paper on Model Tampering Attack for Robust Evaluation has been accepted to TMLR.
  • [May 2025] Our paper SLUG on Efficient Unlearning has been accepted to ICML 2025 @ Vancouver.
  • [Mar. 2025] AegisLLM on Agentic System for Safety has been accepted to ICLR 2025 BuildingTrust @ Singapore.
  • [Oct. 2024] Our papers on Efficient and Robust Unlearning are accepted to NeurIPS 2024 SafeGenAI @ Vancouver.
  • [Sept. 2024] Our paper on Cross-modality Safety Alignment is accepted to EMNLP 2024 @ Miami.
  • [Jul. 2024] Excited to join UMD UMIACS as a postdoc, working on Advanced Autonomous Robotics.
  • [Dec 2023] Our paper on Face De-identification is accepted to AAAI 2024 @ Vancouver.
  • [May 2023] Acknowledged as CVPR 2023 Outstanding Reviewer.
  • [May 2023] Recognized as Outstanding Teaching Assistant by ECE Graduate Division for 2023.
  • [Apr. 2023] Received Dissertation Year Program Fellowship 2023/2024.
  • [Feb. 2023] Our paper EBAD is accepted to CVPR 2023 @ Vancouver.
  • [Feb. 2023] Received HEERF Dissertation Year Program Award 2022/2023.
  • [Feb. 2023] Our paper BASES is accepted to NeurIPS 2022 @ New Orleans.
  • [Jun. 2022] Presenting our paper ZQA at CVPR 2022 @ New Orleans.

Selected Publications

Low-Frequency Trap: Evaluating Temporal Reasoning Failures in Vision-Language Models
Sarvesh Baskar*, Muhammad R. Islam*, Zikui Cai†, Ankit Nakhawa, Anirudh Satheesh, Tom Goldstein, Furong Huang
ICLR 2026 ICBNB
paper
TraceGen: World Modeling in 3D Trace Space Enables Learning from Cross-Embodiment Videos
Seungjae Lee, Yoonkyo Jung, Inkook Chun, Yao-Chih Lee, Zikui Cai, Hongjia Huang, Aayush Talreja, Tan Dat Dao, Yongyuan Liang, Jia-Bin Huang, Furong Huang
CVPR 2026
arxiv code
Zebra-CoT: A Dataset for Interleaved Vision-Language Reasoning
Ang Li*, Charles Wang*, Deqing Fu*, Kaiyu Yue*, Zikui Cai*, Wang Bill Zhu*, Ollie Liu*, Peng Guo*, Willie Neiswanger, Furong Huang, Tom Goldstein, Micah Goldblum
ICLR 2026
arxiv dataset
Targeted Unlearning with Single Layer Unlearning Gradient
Zikui Cai, Yaoteng Tan, M Salman Asif
ICML 2025
arxiv code
AegisLLM: Scaling Agentic Systems for Self-Reflective Defense in LLM Security
Zikui Cai, Shayan Shabihi, Bang An, Zora Che, Brian R. Bartoldson, Bhavya Kailkhura, Tom Goldstein, Furong Huang
ICLR 2025 BuildingTrust
arxiv code
Model Tampering Attacks Enable More Rigorous Evaluations of LLM Capabilities
Zora Che, Stephen Casper, Robert Kirk, et al.
TMLR 2025
arxiv code
Can Textual Unlearning Solve Cross-Modality Safety Alignment?
Trishna Chakraborty, Erfan Shayegani, Zikui Cai, et al.
EMNLP 2024
arxiv
Disguise without Disruption: Utility-Preserving Face De-Identification
Zikui Cai, Zhongpai Gao, Benjamin Planche, Meng Zheng, Terrence Chen, M. Salman Asif, Ziyan Wu
AAAI 2024
arxiv
Ensemble-based Blackbox Attacks on Dense Prediction
Zikui Cai*, Yaoteng Tan*, M. Salman Asif
CVPR 2023
arxiv code
Blackbox Attacks via Surrogate Ensemble Search
Zikui Cai, Chengyu Song, Srikanth V. Krishnamurthy, Amit K. Roy-Chowdhury, M. Salman Asif
NeurIPS 2022
arxiv code poster slides talk
Zero-Query Transfer Attacks on Context-Aware Object Detectors
Zikui Cai, Shantanu Rane, Alejandro E. Brito, et al.
CVPR 2022
arxiv open access
Context-Aware Transfer Attacks for Object Detection
Zikui Cai, Xinxin Xie, Shasha Li, et al.
AAAI 2022
arxiv code slides poster talk
Exploiting Multi-Object Relationships for Detecting Adversarial Attacks in Complex Scenes
Mingjun Yin, Shasha Li, Zikui Cai, et al.
ICCV 2021
arxiv open access
Data-Driven Illumination Patterns For Coded Diffraction Imaging
Zikui Cai, Rakib Hyder, M. Salman Asif
ICIP 2021
paper
Solving Phase Retrieval with a Learned Reference
Rakib Hyder*, Zikui Cai*, M. Salman Asif
ECCV 2020
arxiv code