Andrei Baroian

LLM Pre-training → post-training → AI security

I'm a MSc Computer Science - AI student at Leiden University, currently doing my thesis at SPY Lab (ETH Zurich) on prompt injection attacks, supervised by Jie Zhang and Florian Tramèr. I'm also part of the Robotics Safety Division at ETH Robotics Club, working on adversarial attacks against VLA models in humanoid robots.

My past research includes LLM pre-training (exploring architectural variants) and LLM post-training (speeding up GRPO training with Prompt Reuse), with smaller projects in LLM quantization and mechanistic interpretability. I also work as a data engineer at Akida and was a Teaching Assistant at Leiden University.

Excited about autoresearch. High agency.

Research & Projects

MSc Thesis: (Image) Prompt Injection In Progress

SPY Lab, ETH Zurich — Supervised by Jie Zhang and Florian Tramèr

Feb 2026 – Present

Working on a simple yet effective prompt injection defense. Concurrently exploring prompt injection attacks on OpenClaw agents, designing self-propagating worm attacks that modify agents' internal goal files and spread to other agents.

Adversarial Attacks on VLA Models in Humanoid Robots In Progress

ETH Robotics Club — Robotics Safety Division

Jan 2026 – Present

Creating adversarial attacks against Vision-Language-Action (VLA) models in humanoid robots. Investigating how visual perturbations can override task instructions and induce harmful behaviors.

Prompt Replay: Speeding Up GRPO

arXiv:2603.21177

Sep 2025 – Mar 2026

LLM RLVR post-training. An overhead-free online data selection method for GRPO that reuses and prioritizes prompts (not trajectories) to preserve on-policy optimization. Buffers medium-difficulty prompts near a 50% pass rate to maximize learning signal, reducing zero-variance prompts and accelerating early training gains. Tested on 3B and 8B models.

arXiv

Crown, Frame, Reverse: Layer-Wise Scaling Variants for LLM Pre-Training

arXiv:2509.06518

Apr – Jul 2025

Explored architectural variants that redistribute capacity across transformer layers during pre-training. Introduced three layer-wise scaling patterns using linear interpolation of FFN widths and attention head counts. Pre-trained 180M parameter models on 5B tokens; all variants converged to better performance than an equal-cost isotropic baseline.

arXiv

Experience

Robotics Safety Researcher, ETH Robotics Club Jan 2026 – Present

ETH Zurich, Zurich

Part of Robotics Safety division of ETHRC. Exploring adversarial attacks and defenses of VLA models in humanoid robots.

Teaching Assistant, Automated Machine Learning Sep 2025 – Jan 2026

Leiden University

Grade assignments and provide feedback.
Guide students in selecting, understanding, and presenting research papers.

Data Engineer Mar 2025 – Present

Akida, The Hague

Build LLM-powered pipelines (Gemini API) that turn unstructured sources into structured data products for customers (500M documents/year); own code, tests, and Azure deployments end-to-end.
Develop filtering and classification logic using heuristics and GenAI to detect construction projects across public-sector sources.
Build the extraction pipeline for summarization and structured information retrieval, producing the core data product.
Design annotation workflows and LLM evaluation.
Deploy to staging and production on Azure; monitor production pipelines.

Education

Exchange Semester — MSc Thesis at SPY Lab Feb 2026 – Jul 2026

ETH Zurich, Switzerland

Adversarial attacks on vision-language models. Supervised by Jie Zhang and Florian Tramèr.

MSc Computer Science: Artificial Intelligence Aug 2024 – Jul 2026

Leiden University, The Netherlands — GPA: 8.5/10

Notable grades: Seminar in Deep Reinforcement Learning (10), Deep Learning (9.0), Seminar in Deep Learning (9.0), Natural Language Processing (9.0).

BSc Entrepreneurship & Business Innovation Sep 2021 – Jul 2024

Tilburg University, The Netherlands