Guanhong Tao

I am an Assistant Professor in Kahlert School of Computing at University of Utah. My research focuses on the security and safety of AI-enabled systems, aiming to empower system providers and individual users to counteract attacks. I am broadly interested in a range of topics in security and privacy relating to machine learning, including adversarial generative AI, security/privacy of LLM agents, and machine learning for security. My projects are consistently published in conferences such as IEEE S&P / USENIX Security / CCS / NDSS, NeurIPS / ICML / ICLR / CVPR, and ICSE / FSE. I am a recipient of NVIDIA Academic Grant Award (2025), Maurice H. Halstead Memorial Award (2023), and ACM SIGPLAN Distinguished Paper Award (2019). I obtained my Ph.D. from Purdue University under the supervision of Dr. Xiangyu Zhang.

News

Sep, 2025	Our backdoor attacks against RL agents is accepted to NeurIPS 2025. Congrats to Xuan!
Aug, 2025	Our work on detecting AI-generated text origin is to appear in EMNLP 2025. Congrats to Hanxi!
Jul, 2025	We are proud to announce that Open Philanthropy is supporting our work!
Apr, 2025	Our paper on threat modeling of LLM applications got accepted to FSE LLMapp Workshop.

Selected Publications

S&P

Alleviating the Fear of Losing Alignment in LLM Fine-tuning

Kang Yang, Guanhong Tao, Xun Chen, and Jun Xu

In Proceedings of the 46th IEEE Symposium on Security and Privacy, San Francisco, USA, 2025

Bib PDF

@inproceedings{yang2025alleviating,
  title = {Alleviating the Fear of Losing Alignment in LLM Fine-tuning},
  author = {Yang, Kang and Tao, Guanhong and Chen, Xun and Xu, Jun},
  booktitle = {Proceedings of the 46th IEEE Symposium on Security and Privacy},
  year = {2025},
  location = {San Francisco, USA},
  organization = {IEEE Computer Society},
}

S&P

BAIT: Large Language Model Backdoor Scanning by Inverting Attack Target

Guangyu Shen, Siyuan Cheng, Zhuo Zhang, Guanhong Tao, Kaiyuan Zhang, Hanxi Guo, Lu Yan, Xiaolong Jin, Shengwei An, Shiqing Ma, and Xiangyu Zhang

In Proceedings of the 46th IEEE Symposium on Security and Privacy, San Francisco, USA, 2025

Bib PDF

@inproceedings{shen2025bait,
  title = {BAIT: Large Language Model Backdoor Scanning by Inverting Attack Target},
  author = {Shen, Guangyu and Cheng, Siyuan and Zhang, Zhuo and Tao, Guanhong and Zhang, Kaiyuan and Guo, Hanxi and Yan, Lu and Jin, Xiaolong and An, Shengwei and Ma, Shiqing and Zhang, Xiangyu},
  booktitle = {Proceedings of the 46th IEEE Symposium on Security and Privacy},
  year = {2025},
  location = {San Francisco, USA},
  organization = {IEEE Computer Society},
}

NeurIPS

BiScope: AI-generated Text Detection by Checking Memorization of Preceding Tokens

Hanxi Guo, Siyuan Cheng, Xiaolong Jin, Zhuo Zhang, Kaiyuan Zhang, Guanhong Tao, Guangyu Shen, and Xiangyu Zhang

In Proceedings of Thirty-Eighth Conference on Neural Information Processing Systems, Vancouver, Canada, 2024

Bib PDF

@inproceedings{guo2024biscope,
  title = {BiScope: AI-generated Text Detection by Checking Memorization of Preceding Tokens},
  author = {Guo, Hanxi and Cheng, Siyuan and Jin, Xiaolong and Zhang, Zhuo and Zhang, Kaiyuan and Tao, Guanhong and Shen, Guangyu and Zhang, Xiangyu},
  booktitle = {Proceedings of Thirty-Eighth Conference on Neural Information Processing Systems},
  year = {2024},
  location = {Vancouver, Canada},
}

S&P

On Large Language Models’ Resilience to Coercive Interrogation

Zhuo Zhang, Guangyu Shen, Guanhong Tao, Siyuan Cheng, and Xiangyu Zhang

In Proceedings of the 45th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2024

Bib PDF

@inproceedings{zhang2024large,
  title = {On Large Language Models’ Resilience to Coercive Interrogation},
  author = {Zhang, Zhuo and Shen, Guangyu and Tao, Guanhong and Cheng, Siyuan and Zhang, Xiangyu},
  booktitle = {Proceedings of the 45th IEEE Symposium on Security and Privacy},
  pages = {252--252},
  year = {2024},
  location = {San Francisco, CA, USA},
  organization = {IEEE Computer Society},
}

CVPR

Better Trigger Inversion Optimization in Backdoor Scanning

Guanhong Tao, Guangyu Shen, Yingqi Liu, Shengwei An, Qiuling Xu, Shiqing Ma, Pan Li, and Xiangyu Zhang

In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, New Orleans, LA, USA, 2022

Oral Bib PDF Code

4.2% (344/8161) submissions are accepted with an oral presentation.

@inproceedings{tao2022better,
  title = {Better Trigger Inversion Optimization in Backdoor Scanning},
  author = {Tao, Guanhong and Shen, Guangyu and Liu, Yingqi and An, Shengwei and Xu, Qiuling and Ma, Shiqing and Li, Pan and Zhang, Xiangyu},
  booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
  pages = {13368--13378},
  year = {2022},
  location = {New Orleans, LA, USA},
}

CCS

ABS: Scanning Neural Networks for Back-doors by Artificial Brain Stimulation

Yingqi Liu, Wen-Chuan Lee, Guanhong Tao, Shiqing Ma, Yousra Aafer, and Xiangyu Zhang

In Proceedings of the 26th ACM Conference on Computer and Communications Security, London, United Kingdom, 2019

Bib PDF

@inproceedings{liu2019abs,
  author = {Liu, Yingqi and Lee, Wen-Chuan and Tao, Guanhong and Ma, Shiqing and Aafer, Yousra and Zhang, Xiangyu},
  title = {ABS: Scanning Neural Networks for Back-doors by Artificial Brain Stimulation},
  booktitle = {Proceedings of the 26th ACM Conference on Computer and Communications Security},
  series = {CCS '19},
  year = {2019},
  isbn = {978-1-4503-6747-9},
  location = {London, United Kingdom},
  pages = {1265--1282},
  numpages = {18},
  url = {http://doi.acm.org/10.1145/3319535.3363216},
  doi = {10.1145/3319535.3363216},
  acmid = {3363216},
  publisher = {ACM},
  address = {New York, NY, USA},
  keywords = {ai trojan attacks, artificial brain stimulation, deep learning system},
}

Awards & Honors

NVIDIA Academic Grant Award, 2025
Maurice H. Halstead Memorial Research Award, Apr 2023
ECCV 2022 AROW Workshop Best Paper Award, Oct 2022
ICLR Highlighted Reviewer, Apr 2022
CSAW 2021 Best Applied Security Paper Award TOP-10 Finalists, Nov 2021
ACM SIGPLAN Distinguished Paper Award, Oct 2019

Students

Shih-Chieh Dai
Soumil Datta
Kang Yang (co-advised with Dr. Jun Xu)
Wanjing Han (co-advised with Dr. Mu Zhang)

Teaching

CS 6958 / CS 4960: Machine Learning Security, University of Utah, Fall 2024 - 2025
CS 5956: Intro to Machine Learning, University of Utah, Spring 2025
Guest Lecture, COMPSCI 360: Introduction to Computer and Network Security, UMass Amherst, Spring 2024
Guest Lecture, CS 431: Software Engineering, Rutgers University, Spring 2023
Guest Lecture, CS 529: Security Analytics, Purdue University, Fall 2019 - 2020, 2022 - 2023

Services

Program Chair / Organizer
- BANDS The 1st ICLR Workshop on Backdoor Attacks and Defenses in Machine Learning
- AISCC NDSS 2024 Workshop on AI System with Confidential Computing
Program Committee / Reviewer
- S&P IEEE Symposium on Security and Privacy: 2025, 2026
- USENIX USENIX Security Symposium: 2026
- CCS ACM Conference on Computer and Communications Security: 2025
- SaTML IEEE Conference on Secure and Trustworthy Machine Learning: 2025, 2026
- RAID International Symposium on Research in Attacks, Intrusions and Defenses: 2024
- FSE ACM Symposium on the Foundations of Software Engineering: 2023 (Artifact Evaluation)
- NeurIPS Conference on Neural Information Processing Systems: 2021 - 2025
- ICML International Conference on Machine Learning: 2021 - 2025
- ICLR International Conference on Learning Representations: 2022 (Highlighted) - 2026
- CVPR IEEE/CVF Conference on Computer Vision and Pattern Recognition: 2022, 2023, 2025
- ECCV European Conference on Computer Vision: 2022
- ICCV International Conference on Computer Vision: 2023, 2025
- ACL Annual Meeting of the Association for Computational Linguistics: 2023, 2025
- EMNLP Conference on Empirical Methods in Natural Language Processing: 2023
- AISTATS International Conference on Artificial Intelligence and Statistics: 2025
- AAAI Annual AAAI Conference on Artificial Intelligence: 2024, 2026
- DLSP Deep Learning Security and Privacy Workshop (co-located with S&P): 2025
- LLMapp International Workshop on LLM App Store Analysis (co-located with FSE): 2025
- SATA NeurIPS Workshop on Towards Safe & Trustworthy Agents: 2024
- AGI ICLR AGI Workshop: 2024
- DPML ICLR Workshop on Distributed and Private Machine Learning: 2021
- TDSC IEEE Transactions on Dependable and Secure Computing
- TIFS IEEE Transactions on Information Forensics & Security
- TSE IEEE Transactions on Software Engineering
- TOPS ACM Transactions on Privacy and Security
- TMLR Transactions on Machine Learning Research
- ASE Automated Software Engineering (Springer)