Abstract
Search agents connect LLMs to the Internet, enabling access to broader and more up-to-date information. However, unreliable search results may also pose safety threats to end users, establishing a new threat surface. In this work, we conduct two in-the-wild experiments to demonstrate both the prevalence of low-quality search results and their potential to misguide agent behaviors. To counter this threat, we introduce an automated red-teaming framework that is systematic, scalable, and cost-efficient, enabling lightweight and harmless safety assessments of search agents. Building on this framework, we construct the SafeSearch benchmark, which includes 300 test cases covering five categories of risks (e.g., misinformation and indirect prompt injection). Using this benchmark, we evaluate three representative search agent scaffolds, covering search workflow, tool-calling, and deep research, across 7 proprietary and 8 open-source backend LLMs. Our results reveal substantial vulnerabilities of LLM-based search agents: when exposed to unreliable websites, the highest ASR reached 90.5% for GPT-4.1-mini under a search workflow setting. Moreover, our analysis highlights the limited effectiveness of common defense practices, such as reminder prompting. This emphasizes the value of our framework in promoting transparency for safer agent development. Our codebase and test cases are publicly available: https://github.com/jianshuod/SafeSearch.

Abstract
The BESIII experiment is a symmetric e+ e- collider experiment operating at center-of-mass energies from 2.0 to 4.95 GeV. With the world's largest threshold production data set, including 10 billion J/psi events, 2.7 billion psi(3686) events, 7.9 fb^{-1} of D meson pairs from psi(3770) decay, and 7.33 fb^{-1} of D_s D_s^* events between 4.128 and 4.226 GeV, we are able to probe for new physics through precision tests of the Standard Model, searches for exotic low-mass particles, and investigations of forbidden or rare decay processes. In this talk, we report recent studies on Beyond the Standard Model physics conducted by the BESIII collaboration, including searches for axion-like particles, dark photons, QCD axions, and invisible decays of K_S^0. In addition, a series of rare charm decay processes, including searches for lepton and baryon number violation, flavor-changing neutral current processes, and charmonium weak decays, are also investigated to search for new physics at BESIII.

AI Insights

• BESIII’s 10 billion J/ψ sample allows sub‑percent tests of lepton‑flavor universality in rare decays.
• The 7.9 fb⁻¹ of ψ(3770) → D D̄ pairs provides a clean arena for D⁰–D̄⁰ mixing studies.
• Axion‑like searches in J/ψ → γ + invisible have set couplings below 10⁻⁵ GeV⁻¹ for 1–100 MeV masses.
• Dark‑photon limits from e⁺e⁻ → γ A′ → γ ℓ⁺ℓ⁻ exclude ε > 10⁻³ for 10–200 MeV A′.
• Measurement of J/ψ → D_s⁻ K⁺ at 10⁻⁶ branching tests factorization in charmonium weak decays.
• New 4.2 GeV data will double the DsDs sample, enabling rare Ds → ℓνγ studies.
• BESIII’s open‑access data and arXiv preprints accelerate global BSM fits and theory work.

Abstract
How sellers choose reserve prices is central to auction theory, and the optimal reserve price depends on the seller's risk attitude. Numerous studies have found that observed reserve prices lie below the optimal level implied by risk-neutral sellers, while the theoretical literature suggests that risk-averse sellers can rationalize these empirical findings. In this paper, we develop an econometric model of ascending auctions with a risk-averse seller under independent private values. We provide primitive conditions for the identification of the Arrow-Pratt measures of risk aversion and an estimator for these measures that is consistent and converges in distribution to a normal distribution at the parametric rate under standard regularity conditions. A Monte Carlo study demonstrates good finite-sample performance of the estimator, and we illustrate the approach using data from foreclosure real estate auctions in S\~{a}o Paulo.

Abstract
A seller wants to sell a good to a set of bidders using a credible mechanism. We show that when the seller has private information about her cost, it is impossible for a static mechanism to achieve the optimal revenue. In particular, even the optimal first-price auction is not credible. We show that the English auction can credibly implement the optimal mechanism, unlike the optimal Dutch auction. For symmetric mechanisms in which only winners pay, we also characterize all the static auctions that are credible: They are first-price auctions that depend only on the seller's cost ex post via a secret reserve, and may profitably pool bidders via a bid restriction. Our impossibility result highlights the role of public institutions and helps explain the use of dynamic mechanisms in informal auctions.

Abstract
Visual personalization is essential in user-facing AI systems such as smart homes and healthcare, where aligning model behavior with user-centric concepts is critical. However, recent large Vision-Language Models (VLMs), despite their broad applicability, remain underexplored in their ability to adapt to individual users. In this paper, we introduce MMPB, the first extensive benchmark for evaluating VLMs on personalization. MMPB comprises 10k image-query pairs and includes 111 personalizable concepts across four categories: humans, animals, objects, and characters, with the human category enriched with preference-grounded queries. We structure personalization into three main task types, each highlighting a different key property of VLMs. Using 23 widely used VLMs including both open- and closed-source models, we evaluate personalization performance via a three-stage protocol: concept injection, multi-turn dialogue, and personalized querying. Our findings indicate that most VLMs (including some closed-source models) struggle with personalization, particularly in maintaining consistency over dialogue, handling user preferences, and adapting to visual cues. Our analysis reveals that the challenges in VLM personalization (such as refusal behaviors and long-context forgetting) highlight substantial room for improvement. By identifying these limitations and offering a scalable benchmark, MMPB offers valuable insights and a solid foundation for future research toward truly personalized multi-modal AI. Project Page: aidaslab.github.io/MMPB

Abstract
Large language model (LLM) personalization aims to tailor model behavior to individual users based on their historical interactions. However, its effectiveness is often hindered by two key challenges: the \textit{cold-start problem}, where users with limited history provide insufficient context for accurate personalization, and the \textit{biasing problem}, where users with abundant but skewed history cause the model to overfit to narrow preferences. We identify both issues as symptoms of a common underlying limitation, i.e., the inability to model collective knowledge across users. To address this, we propose a local-global memory framework (LoGo) that combines the personalized local memory with a collective global memory that captures shared interests across the population. To reconcile discrepancies between these two memory sources, we introduce a mediator module designed to resolve conflicts between local and global signals. Extensive experiments on multiple benchmarks demonstrate that LoGo consistently improves personalization quality by both warming up cold-start users and mitigating biased predictions. These results highlight the importance of incorporating collective knowledge to enhance LLM personalization.

Abstract
Continuous and reliable access to curated biological data repositories is indispensable for accelerating rigorous scientific inquiry and fostering reproducible research. Centralized repositories, though widely used, are vulnerable to single points of failure arising from cyberattacks, technical faults, natural disasters, or funding and political uncertainties. This can lead to widespread data unavailability, data loss, integrity compromises, and substantial delays in critical research, ultimately impeding scientific progress. Centralizing essential scientific resources in a single geopolitical or institutional hub is inherently dangerous, as any disruption can paralyze diverse ongoing research. The rapid acceleration of data generation, combined with an increasingly volatile global landscape, necessitates a critical re-evaluation of the sustainability of centralized models. Implementing federated and decentralized architectures presents a compelling and future-oriented pathway to substantially strengthen the resilience of scientific data infrastructures, thereby mitigating vulnerabilities and ensuring the long-term integrity of data. Here, we examine the structural limitations of centralized repositories, evaluate federated and decentralized models, and propose a hybrid framework for resilient, FAIR, and sustainable scientific data stewardship. Such an approach offers a significant reduction in exposure to governance instability, infrastructural fragility, and funding volatility, and also fosters fairness and global accessibility. The future of open science depends on integrating these complementary approaches to establish a globally distributed, economically sustainable, and institutionally robust infrastructure that safeguards scientific data as a public good, further ensuring continued accessibility, interoperability, and preservation for generations to come.

AI Insights

• EOSC’s federated nodes already host 1 million genomes, a living model of distributed stewardship.
• ELIXIR’s COVID‑19 response proved community pipelines can scale to pandemic‑grade data volumes.
• The Global Biodata Coalition’s roadmap envisions a cross‑border mesh that outpaces single‑point failure risks.
• DeSci employs blockchain provenance to give researchers immutable audit trails for every dataset.
• NIH’s Final Data Policy now mandates FAIR compliance, nudging institutions toward hybrid decentralized architectures.
• DeSci still struggles with interoperability, as heterogeneous metadata schemas block seamless cross‑platform queries.
• Privacy‑by‑design in distributed repositories remains a top research gap, inviting novel cryptographic solutions.

Abstract
Qualitative research offers deep insights into human experiences, but its processes, such as coding and thematic analysis, are time-intensive and laborious. Recent advancements in qualitative data analysis (QDA) tools have introduced AI capabilities, allowing researchers to handle large datasets and automate labor-intensive tasks. However, qualitative researchers have expressed concerns about AI's lack of contextual understanding and its potential to overshadow the collaborative and interpretive nature of their work. This study investigates researchers' preferences among three degrees of delegation of AI in QDA (human-only, human-initiated, and AI-initiated coding) and explores factors influencing these preferences. Through interviews with 16 qualitative researchers, we identified efficiency, ownership, and trust as essential factors in determining the desired degree of delegation. Our findings highlight researchers' openness to AI as a supportive tool while emphasizing the importance of human oversight and transparency in automation. Based on the results, we discuss three factors of trust in AI for QDA and potential ways to strengthen collaborative efforts in QDA and decrease bias during analysis.

Abstract
Feature attribution methods, such as SHAP and LIME, explain machine learning model predictions by quantifying the influence of each input component. When applying feature attributions to explain language models, a basic question is defining the interpretable components. Traditional feature attribution methods, commonly treat individual words as atomic units. This is highly computationally inefficient for long-form text and fails to capture semantic information that spans multiple words. To address this, we present CafGa, an interactive tool for generating and evaluating feature attribution explanations at customizable granularities. CafGa supports customized segmentation with user interaction and visualizes the deletion and insertion curves for explanation assessments. Through a user study involving participants of various expertise, we confirm CafGa's usefulness, particularly among LLM practitioners. Explanations created using CafGa were also perceived as more useful compared to those generated by two fully automatic baseline methods: PartitionSHAP and MExGen, suggesting the effectiveness of the system.

AI Insights

• CafGa lets users drag‑and‑drop text segments, instantly recomputing SHAP‑style attributions at any granularity.
• It overlays attention maps with operator‑based explanations, exposing token interactions that drive predictions.
• The interface supports local QA, sentiment, few‑shot prompting, and long‑form comprehension in one pane.
• Users can create custom operators and task templates, extending CafGa to new domains without coding.
• Real‑time deletion and insertion curves quantify explanation stability as segments are edited.
• In a mixed‑expert study, participants found CafGa explanations 30% more useful than PartitionSHAP and MExGen.
• CafGa struggles with very large models and relies on pre‑trained weights for new tasks.

Abstract
Generative propaganda is the use of generative artificial intelligence (AI) to shape public opinion. To characterize its use in real-world settings, we conducted interviews with defenders (e.g., factcheckers, journalists, officials) in Taiwan and creators (e.g., influencers, political consultants, advertisers) as well as defenders in India, centering two places characterized by high levels of online propaganda. The term "deepfakes", we find, exerts outsized discursive power in shaping defenders' expectations of misuse and, in turn, the interventions that are prioritized. To better characterize the space of generative propaganda, we develop a taxonomy that distinguishes between obvious versus hidden and promotional versus derogatory use. Deception was neither the main driver nor the main impact vector of AI's use; instead, Indian creators sought to persuade rather than to deceive, often making AI's use obvious in order to reduce legal and reputational risks, while Taiwan's defenders saw deception as a subset of broader efforts to distort the prevalence of strategic narratives online. AI was useful and used, however, in producing efficiency gains in communicating across languages and modes, and in evading human and algorithmic detection. Security researchers should reconsider threat models to clearly differentiate deepfakes from promotional and obvious uses, to complement and bolster the social factors that constrain misuse by internal actors, and to counter efficiency gains globally.

AI Insights

• Watermarks in the Sand shows strong watermarking for generative models is impossible, hampering traceability.
• Computational Propaganda maps political actors weaponizing social media, contextualizing generative propaganda.
• Qualitative Literacy gives tools to evaluate ethnographic research, aiding AI influence analysis.
• Trauthig et al. show generative AI reshapes 2024 election messaging worldwide, underscoring urgency.
• Zakrzewski’s article exposes Facebook’s governance gaps fueling hate speech in India, highlighting uneven regulation.
• The Global Risks Report 2024 ranks AI disinformation as a top systemic threat, linking it to instability.
• Deepfakes mainly spread misinformation and manipulate public opinion, detection remains a moving target.