קולוקוויום וסמינרים

Transition matching (TM) replaces the infinitesimal-timestep kernels from Flow Matching/Diffusion with a generative model, advancing both flow/diffusion and autoregressive models. TM variants achieve state-of-the-art text-to-image generation.

Neta Shaul is a PhD student at the Weizmann Institute of Science under the supervision of Prof. Yaron Lipman. His research focuses on developing and advancing scalable modeling frameworks for generative models. He is interested in a variety of data types from both discrete and continuous domains (text, images, videos, proteins, etc).

Zero-knowledge proofs enable verifying the correctness of computations without revealing any additional information beyond their validity. We focus on proofs that are statistically sound - ensuring that even an unbounded prover cannot convince the verifier of a false statement except with negligible probability, and computationally zero-knowledge. In this work, we study the communication complexity of such proofs. While the original constructions have a large polynomial communication overhead, later works have shown that this overhead can often be significantly reduced.

We show that every NP relation that can be verified by a bounded-depth, polynomial-size circuit or a bounded-space, polynomial-time algorithm have a computational zero-knowledge proof whose communication is only additively larger than the witness length. Our construction relies solely on the minimal assumption that one-way functions exist. Moreover, in some cases we achieve the same while making only a black-box use of the one-way function.

Retrieval-Augmented Generation (RAG) systems enhance large language models (LLMs) with external knowledge but are known to be vulnerable to optimization-based data poisoning, where adversaries inject adversarially augmented passages into the knowledge base.

Such attacks are designed to bias retrieval and generation, leading the system to produce misleading or adversarially steered responses. Existing defenses rely on query-specific passage filtering during inference at either retrieval or generation, inherently incurring latency and redundantly evaluating passages across queries. This results in substantial runtime overhead, which further increases when additional passages are retrieved as substitutions.

We present JUDO, a query-agnostic indexing-time defense that detects and filters poisoned passages at ingestion by measuring the semantic instability that arises when adversarial trigger tokens are removed. We demonstrate that clean passages remain stable under such perturbations, whereas optimized poisoned passages exhibit erratic embedding shifts. Applied once per passage, JUDO filters malicious content without altering the inference pipeline or incurring runtime cost.

We compare our approach to previous defenses against known poisoning attacks and across multiple retrieval and QA benchmarks, achieving state-of-the-art results of 0.8–0.9 F1 and a 70% reduction in attack success rate, thereby providing a practical, zero-overhead defense for securing RAG systems against optimization-based poisoning.