Guanhong Tao

I am an Assistant Professor in Kahlert School of Computing at University of Utah. My research focuses on the security and safety of AI-enabled systems, aiming to empower system providers and individual users to counteract attacks. I am broadly interested in a range of topics in security and privacy relating to machine learning, including adversarial generative AI, security/privacy of LLM agents, and machine learning for security. My projects are consistently published in conferences such as IEEE S&P / USENIX Security / CCS / NDSS, NeurIPS / ICML / ICLR / CVPR, and ICSE / FSE. I am a recipient of NVIDIA Academic Grant Award (2025), Maurice H. Halstead Memorial Award (2023), and ACM SIGPLAN Distinguished Paper Award (2019). I obtained my Ph.D. from Purdue University under the supervision of Dr. Xiangyu Zhang.

News

Oct, 2025	Our paper on secure code generation got accepted to ICSE 2026. Congrats to Shih-Chieh!
Oct, 2025	I am honored to receive CCS 2025 Top Reviewers Award!
Sep, 2025	Our backdoor attacks against RL agents is accepted to NeurIPS 2025. Congrats to Xuan!
Aug, 2025	Our work on detecting AI-generated text origin is to appear in EMNLP 2025. Congrats to Hanxi!

Selected Publications

ICSE

Rethinking the Evaluation of Secure Code Generation

Shih-Chieh Dai, Jun Xu, and Guanhong Tao

In Proceedings of the 48th International Conference on Software Engineering, Rio de Janeiro, Brazil, 2026

Bib PDF

@inproceedings{dai2026rethinking,
  author = {Dai, Shih-Chieh and Xu, Jun and Tao, Guanhong},
  title = {Rethinking the Evaluation of Secure Code Generation},
  year = {2026},
  publisher = {Association for Computing Machinery},
  booktitle = {Proceedings of the 48th International Conference on Software Engineering},
  location = {Rio de Janeiro, Brazil},
  series = {ICSE '26},
}

S&P

Alleviating the Fear of Losing Alignment in LLM Fine-tuning

Kang Yang, Guanhong Tao, Xun Chen, and Jun Xu

In Proceedings of the 46th IEEE Symposium on Security and Privacy, San Francisco, USA, 2025

Bib PDF

@inproceedings{yang2025alleviating,
  title = {Alleviating the Fear of Losing Alignment in LLM Fine-tuning},
  author = {Yang, Kang and Tao, Guanhong and Chen, Xun and Xu, Jun},
  booktitle = {Proceedings of the 46th IEEE Symposium on Security and Privacy},
  year = {2025},
  location = {San Francisco, USA},
  organization = {IEEE Computer Society},
}

S&P

BAIT: Large Language Model Backdoor Scanning by Inverting Attack Target

Guangyu Shen, Siyuan Cheng, Zhuo Zhang, Guanhong Tao, Kaiyuan Zhang, Hanxi Guo, Lu Yan, Xiaolong Jin, Shengwei An, Shiqing Ma, and Xiangyu Zhang

In Proceedings of the 46th IEEE Symposium on Security and Privacy, San Francisco, USA, 2025

Bib PDF

@inproceedings{shen2025bait,
  title = {BAIT: Large Language Model Backdoor Scanning by Inverting Attack Target},
  author = {Shen, Guangyu and Cheng, Siyuan and Zhang, Zhuo and Tao, Guanhong and Zhang, Kaiyuan and Guo, Hanxi and Yan, Lu and Jin, Xiaolong and An, Shengwei and Ma, Shiqing and Zhang, Xiangyu},
  booktitle = {Proceedings of the 46th IEEE Symposium on Security and Privacy},
  year = {2025},
  location = {San Francisco, USA},
  organization = {IEEE Computer Society},
}

NeurIPS

BiScope: AI-generated Text Detection by Checking Memorization of Preceding Tokens

Hanxi Guo, Siyuan Cheng, Xiaolong Jin, Zhuo Zhang, Kaiyuan Zhang, Guanhong Tao, Guangyu Shen, and Xiangyu Zhang

In Proceedings of Thirty-Eighth Conference on Neural Information Processing Systems, Vancouver, Canada, 2024

Bib PDF

@inproceedings{guo2024biscope,
  title = {BiScope: AI-generated Text Detection by Checking Memorization of Preceding Tokens},
  author = {Guo, Hanxi and Cheng, Siyuan and Jin, Xiaolong and Zhang, Zhuo and Zhang, Kaiyuan and Tao, Guanhong and Shen, Guangyu and Zhang, Xiangyu},
  booktitle = {Proceedings of Thirty-Eighth Conference on Neural Information Processing Systems},
  year = {2024},
  location = {Vancouver, Canada},
}

S&P

On Large Language Models’ Resilience to Coercive Interrogation

Zhuo Zhang, Guangyu Shen, Guanhong Tao, Siyuan Cheng, and Xiangyu Zhang

In Proceedings of the 45th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2024

Bib PDF

@inproceedings{zhang2024large,
  title = {On Large Language Models’ Resilience to Coercive Interrogation},
  author = {Zhang, Zhuo and Shen, Guangyu and Tao, Guanhong and Cheng, Siyuan and Zhang, Xiangyu},
  booktitle = {Proceedings of the 45th IEEE Symposium on Security and Privacy},
  pages = {252--252},
  year = {2024},
  location = {San Francisco, CA, USA},
  organization = {IEEE Computer Society},
}

CVPR

Better Trigger Inversion Optimization in Backdoor Scanning

Guanhong Tao, Guangyu Shen, Yingqi Liu, Shengwei An, Qiuling Xu, Shiqing Ma, Pan Li, and Xiangyu Zhang

In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, New Orleans, LA, USA, 2022

Oral Bib PDF Code

4.2% (344/8161) submissions are accepted with an oral presentation.

@inproceedings{tao2022better,
  title = {Better Trigger Inversion Optimization in Backdoor Scanning},
  author = {Tao, Guanhong and Shen, Guangyu and Liu, Yingqi and An, Shengwei and Xu, Qiuling and Ma, Shiqing and Li, Pan and Zhang, Xiangyu},
  booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
  pages = {13368--13378},
  year = {2022},
  location = {New Orleans, LA, USA},
}

Awards & Honors

CCS 2025 Top Reviewers Award, 2025
NVIDIA Academic Grant Award, 2025
Maurice H. Halstead Memorial Research Award, Apr 2023
ECCV 2022 AROW Workshop Best Paper Award, Oct 2022
ICLR Highlighted Reviewer, Apr 2022
CSAW 2021 Best Applied Security Paper Award TOP-10 Finalists, Nov 2021
ACM SIGPLAN Distinguished Paper Award, Oct 2019

Students

Shih-Chieh Dai
Soumil Datta (co-advised with Dr. Daniel Brown)
Kang Yang (co-advised with Dr. Jun Xu)
Wanjing Han (co-advised with Dr. Mu Zhang)

Teaching

CS 6958 / CS 4960: Machine Learning Security, University of Utah, Fall 2024, 2025
CS 5956: Intro to Machine Learning, University of Utah, Spring 2025
Guest Lecture, COMPSCI 360: Introduction to Computer and Network Security, UMass Amherst, Spring 2024
Guest Lecture, CS 431: Software Engineering, Rutgers University, Spring 2023
Guest Lecture, CS 529: Security Analytics, Purdue University, Fall 2019 - 2020, 2022 - 2023

Services

Program Chair / Organizer
- BANDS The 1st ICLR Workshop on Backdoor Attacks and Defenses in Machine Learning
- AISCC NDSS 2024 Workshop on AI System with Confidential Computing
Program Committee / Reviewer
- S&P IEEE Symposium on Security and Privacy: 2025, 2026
- USENIX USENIX Security Symposium: 2026
- CCS ACM Conference on Computer and Communications Security: 2025 (Top Reviewers), 2026
- SaTML IEEE Conference on Secure and Trustworthy Machine Learning: 2025, 2026
- NeurIPS Conference on Neural Information Processing Systems: 2021 - 2025
- ICML International Conference on Machine Learning: 2021 - 2025
- ICLR International Conference on Learning Representations: 2022 (Highlighted) - 2026
- CVPR IEEE/CVF Conference on Computer Vision and Pattern Recognition: 2022, 2023, 2025
- ICCV International Conference on Computer Vision: 2023, 2025
- ECCV European Conference on Computer Vision: 2022
- ACL Annual Meeting of the Association for Computational Linguistics: 2023, 2025
- EMNLP Conference on Empirical Methods in Natural Language Processing: 2023
- AAAI Annual AAAI Conference on Artificial Intelligence: 2024, 2026
- AISTATS International Conference on Artificial Intelligence and Statistics: 2025
- RAID International Symposium on Research in Attacks, Intrusions and Defenses: 2024
- FSE ACM Symposium on the Foundations of Software Engineering: 2023 (Artifact Evaluation)
- DLSP Deep Learning Security and Privacy Workshop (co-located with S&P): 2025
- LLMapp International Workshop on LLM App Store Analysis (co-located with FSE): 2025
- SATA NeurIPS Workshop on Towards Safe & Trustworthy Agents: 2024
- AGI ICLR AGI Workshop: 2024
- DPML ICLR Workshop on Distributed and Private Machine Learning: 2021
- TDSC IEEE Transactions on Dependable and Secure Computing
- TIFS IEEE Transactions on Information Forensics & Security
- TSE IEEE Transactions on Software Engineering
- TOSEM ACM Transactions on Software Engineering and Methodology
- TOPS ACM Transactions on Privacy and Security
- TMLR Transactions on Machine Learning Research
- ASE Automated Software Engineering (Springer)

Acknowledgements

We are very grateful to the following organizations for their generous support of our research (listed in alphabetical order).

NSF NVIDIA Open Philanthropy