Yiwei Lu

I am the Director of the Safe ML Lab and an Assistant Professor at the University of Ottawa, cross-appointed by the School of Engineering Design and Teaching Innovation and the School of Electrical Engineering and Computer Science, and a faculty affiliate at the Vector Institute. My research focuses on trustworthy machine learning — particularly its reliability, security, and robustness. I am currently working on the following directions:

Data poisoning attacks — understanding attacks in foundational settings (e.g., attack difficulty^1,2,3) and real-world scenarios such as LLM post-training⁴, data protection⁵, reasoning, and generative engine optimization⁶.
Neural network memorization — including memorization in diffusion models⁷, membership inference attacks, and agentic memory, together with mitigation methods such as machine unlearning^8,9.
Mechanistic interpretability for large language models — I am actively recruiting students for this direction.
Interdisciplinary research at the intersection of machine learning and healthcare, psychology, and broader LLM evaluation.

I am actively recruiting students. If you are interested in working with me on one of the above directions or the broader area of trustworthy machine learning, please see the Prospective Students page for more information.

Education & Background

I obtained my Ph.D. in the David R. Cheriton School of Computer Science at the University of Waterloo, where I was fortunate to be advised by Prof. Yaoliang Yu and Dr. Sun Sun. During my Ph.D., I was also a student researcher at the Vector Institute, a research affiliate of The Salon with Prof. Gautam Kamath, and a research associate at the National Research Council of Canada and Huawei Noah's Ark Lab in Montreal. Previously, I completed my M.Sc. in Computer Science at the University of Manitoba, advised by Prof. Yang Wang. I received my bachelor's degree at the University of Electronic Science and Technology of China, and was an exchange student at UC Santa Barbara.

News

Jun 2026: New paper on arXiv: Sequential Data Poisoning in LLM Post-Training.
May 2026: I co-organized the Data and Model Protection (DMP) workshop at Canadian AI / CRV 2026 in SFU, Vancouver.
Nov 2025: One paper accepted to AAAI 2026. Paper: Demystifying Foreground-Background Memorization in Diffusion Models.
Sep 2025: BridgePure accepted to NeurIPS 2025. Paper: BridgePure: Revealing the Fragility of Black-box Data Protection.
Sep 2025: New paper on arXiv: Not All Samples Are Equal: Quantifying Instance-level Difficulty in Targeted Data Poisoning.
Sep 2025: I have officially joined the University of Ottawa as an Assistant Professor.
Sep 2025: I am now affiliated with the Vector Institute as a Faculty Affiliate.
Aug 2025: Paper accepted to TMLR: MUC: Machine Unlearning for Contrastive Learning with Black-box Evaluation.
Jan 2025: One paper accepted to ICLR 2025.