Xiaomeng Li
2026
Into the Gray Zone: Domain Contexts Can Blur LLM Safety Boundaries
Ki Sen Hung | Xi Yang | Chang Liu | Haoran Li | Kejiang Chen | Changxuan Fan | Tsun On Kwok | Weiming Zhang | Xiaomeng Li | Yangqiu Song
Proceedings of the 64th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers)
Ki Sen Hung | Xi Yang | Chang Liu | Haoran Li | Kejiang Chen | Changxuan Fan | Tsun On Kwok | Weiming Zhang | Xiaomeng Li | Yangqiu Song
Proceedings of the 64th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers)
A central goal of LLM alignment is to balance helpfulness with harmlessness, yet these objectives conflict when the same knowledge serves both legitimate and malicious purposes. This tension is amplified by context-sensitive alignment: we observe that domain-specific contexts (e.g., chemistry) selectively relax defenses for domain-relevant harmful knowledge, while safety-research contexts (e.g., jailbreak studies) trigger broader relaxation spanning all harm categories. To systematically exploit this vulnerability, we propose Jargon, a framework combining safety-research contexts with multi-turn adversarial interactions that achieves attack success rates exceeding 93% across seven frontier models, including GPT-5.2, Claude-4.5, and Gemini-3, substantially outperforming existing methods. Activation space analysis reveals that Jargon queries occupy an intermediate region between benign and harmful inputs, a gray zone where refusal decisions become unreliable. To mitigate this vulnerability, we design a policy-guided safeguard that steers models toward helpful yet harmless responses, and internalize this capability through alignment fine-tuning, reducing attack success rates while preserving helpfulness.
Parallelism and Generation Order in Masked Diffusion Language Models: Limits Today, Potential Tomorrow
Yangyang Zhong | Yanmei Gu | Zhengqing Zang | Xiaomeng Li | Yuqi Ding | Xibei Jia | Yuting Shen | Zhenzhong Lan | Liwang Zhu | Weiping Liu | Junlin Zhou | Haisheng Liu | Zhong Xin Yu | Pengxin Luo | Donglian Qi | Yunfeng Yan | Junbo Zhao
Findings of the Association for Computational Linguistics: ACL 2026
Yangyang Zhong | Yanmei Gu | Zhengqing Zang | Xiaomeng Li | Yuqi Ding | Xibei Jia | Yuting Shen | Zhenzhong Lan | Liwang Zhu | Weiping Liu | Junlin Zhou | Haisheng Liu | Zhong Xin Yu | Pengxin Luo | Donglian Qi | Yunfeng Yan | Junbo Zhao
Findings of the Association for Computational Linguistics: ACL 2026
Masked Diffusion Language Models (MDLMs) promise parallel token generation and arbitrary-order decoding, yet it remains unclear to what extent current models truly realize these capabilities. We characterize MDLM behavior along two dimensions—parallelism strength and generation order—using Average Finalization Parallelism (AFP) and Kendall’s τ. We evaluate eight mainstream MDLMs (up to 100B parameters) on 58 benchmarks spanning knowledge, reasoning, and programming. The results show that MDLMs still lag behind comparably sized autoregressive models, mainly because parallel probabilistic modeling weakens inter-token dependencies. Meanwhile, MDLMs exhibit adaptive decoding behavior: their parallelism and generation order vary significantly with the task domain, the stage of reasoning, and whether the output is correct. On tasks that require “backward information” (e.g., Sudoku), MDLMs adopt a solution order that tends to fill easier Sudoku blanks first, highlighting their advantages. Finally, we provide theoretical motivation and design insights supporting a Generate-then-Edit paradigm, which mitigates dependency loss while retaining the efficiency of parallel decoding.