Guanhong Tao

I am an Assistant Professor in Kahlert School of Computing at University of Utah. My research focuses on the security and safety of AI-enabled systems, aiming to empower system providers and individual users to counteract attacks. I am broadly interested in a range of topics in security and privacy relating to machine learning, including adversarial generative AI, security/privacy of LLM agents, and machine learning for security. My projects are consistently published in conferences such as IEEE S&P / USENIX Security / CCS / NDSS, NeurIPS / ICML / ICLR / CVPR, and ICSE / FSE. I am a recipient of Maurice H. Halstead Memorial Award (2023), ECCV AROW Workshop Best Paper Award (2022), and ACM SIGPLAN Distinguished Paper Award (2019).

I obtained my Ph.D. from Purdue University under the supervision of Dr. Xiangyu Zhang. I received my bachelor’s degree from Zhejiang University.

News

Dec, 2024	Our project is awarded an NVIDIA Academic Grant. Thank you for the support!
Oct, 2024	One paper accepted to NeurIPS 2024 Workshop Red Teaming GenAI
Sep, 2024	One paper on detecting AI-generated text got accepted to NeurIPS 2024
Sep, 2024	Our paper on detecting backdoors in LLMs got accepted to S&P 2025

Selected Publications

S&P

BAIT: Large Language Model Backdoor Scanning by Inverting Attack Target

Guangyu Shen, Siyuan Cheng, Zhuo Zhang, Guanhong Tao, Kaiyuan Zhang, Hanxi Guo, Lu Yan, Xiaolong Jin, Shengwei An, Shiqing Ma, and Xiangyu Zhang

In Proceedings of the 46th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2025

Bib PDF

@inproceedings{shen2025bait,
  title = {BAIT: Large Language Model Backdoor Scanning by Inverting Attack Target},
  author = {Shen, Guangyu and Cheng, Siyuan and Zhang, Zhuo and Tao, Guanhong and Zhang, Kaiyuan and Guo, Hanxi and Yan, Lu and Jin, Xiaolong and An, Shengwei and Ma, Shiqing and Zhang, Xiangyu},
  booktitle = {Proceedings of the 46th IEEE Symposium on Security and Privacy},
  year = {2025},
  location = {San Francisco, CA, USA},
  organization = {IEEE Computer Society},
}

NeurIPS

BiScope: AI-generated Text Detection by Checking Memorization of Preceding Tokens

Hanxi Guo, Siyuan Cheng, Xiaolong Jin, Zhuo Zhang, Kaiyuan Zhang, Guanhong Tao, Guangyu Shen, and Xiangyu Zhang

In Proceedings of Thirty-Eighth Conference on Neural Information Processing Systems, Vancouver, Canada, 2024

Bib PDF

@inproceedings{guo2024biscope,
  title = {BiScope: AI-generated Text Detection by Checking Memorization of Preceding Tokens},
  author = {Guo, Hanxi and Cheng, Siyuan and Jin, Xiaolong and Zhang, Zhuo and Zhang, Kaiyuan and Tao, Guanhong and Shen, Guangyu and Zhang, Xiangyu},
  booktitle = {Proceedings of Thirty-Eighth Conference on Neural Information Processing Systems},
  year = {2024},
  location = {Vancouver, Canada},
}

S&P

On Large Language Models’ Resilience to Coercive Interrogation

Zhuo Zhang, Guangyu Shen, Guanhong Tao, Siyuan Cheng, and Xiangyu Zhang

In Proceedings of the 45th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2024

Bib PDF

@inproceedings{zhang2024large,
  title = {On Large Language Models’ Resilience to Coercive Interrogation},
  author = {Zhang, Zhuo and Shen, Guangyu and Tao, Guanhong and Cheng, Siyuan and Zhang, Xiangyu},
  booktitle = {Proceedings of the 45th IEEE Symposium on Security and Privacy},
  pages = {252--252},
  year = {2024},
  location = {San Francisco, CA, USA},
  organization = {IEEE Computer Society},
}

S&P

Model Orthogonalization: Class Distance Hardening in Neural Networks for Better Security

Guanhong Tao, Yingqi Liu, Guangyu Shen, Qiuling Xu, Shengwei An, Zhuo Zhang, and Xiangyu Zhang

In Proceedings of the 43rd IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2022

Bib PDF Code

@inproceedings{tao2022model,
  title = {Model Orthogonalization: Class Distance Hardening in Neural Networks for Better Security},
  author = {Tao, Guanhong and Liu, Yingqi and Shen, Guangyu and Xu, Qiuling and An, Shengwei and Zhang, Zhuo and Zhang, Xiangyu},
  booktitle = {Proceedings of the 43rd IEEE Symposium on Security and Privacy},
  pages = {1372--1389},
  year = {2022},
  location = {San Francisco, CA, USA},
  organization = {IEEE Computer Society},
}

CVPR

Better Trigger Inversion Optimization in Backdoor Scanning

Guanhong Tao, Guangyu Shen, Yingqi Liu, Shengwei An, Qiuling Xu, Shiqing Ma, Pan Li, and Xiangyu Zhang

In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, New Orleans, LA, USA, 2022

Oral Bib PDF Code

4.2% (344/8161) submissions are accepted with an oral presentation.

@inproceedings{tao2022better,
  title = {Better Trigger Inversion Optimization in Backdoor Scanning},
  author = {Tao, Guanhong and Shen, Guangyu and Liu, Yingqi and An, Shengwei and Xu, Qiuling and Ma, Shiqing and Li, Pan and Zhang, Xiangyu},
  booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
  pages = {13368--13378},
  year = {2022},
  location = {New Orleans, LA, USA},
}

CCS

ABS: Scanning Neural Networks for Back-doors by Artificial Brain Stimulation

Yingqi Liu, Wen-Chuan Lee, Guanhong Tao, Shiqing Ma, Yousra Aafer, and Xiangyu Zhang

In Proceedings of the 26th ACM Conference on Computer and Communications Security, London, United Kingdom, 2019

Bib PDF

@inproceedings{liu2019abs,
  author = {Liu, Yingqi and Lee, Wen-Chuan and Tao, Guanhong and Ma, Shiqing and Aafer, Yousra and Zhang, Xiangyu},
  title = {ABS: Scanning Neural Networks for Back-doors by Artificial Brain Stimulation},
  booktitle = {Proceedings of the 26th ACM Conference on Computer and Communications Security},
  series = {CCS '19},
  year = {2019},
  isbn = {978-1-4503-6747-9},
  location = {London, United Kingdom},
  pages = {1265--1282},
  numpages = {18},
  url = {http://doi.acm.org/10.1145/3319535.3363216},
  doi = {10.1145/3319535.3363216},
  acmid = {3363216},
  publisher = {ACM},
  address = {New York, NY, USA},
  keywords = {ai trojan attacks, artificial brain stimulation, deep learning system},
  google_scholar_id = {Tyk-4Ss8FVUC},
}

Awards & Honors

Maurice H. Halstead Memorial Research Award, Apr 2023
ECCV 2022 AROW Workshop Best Paper Award, Oct 2022
ICLR Highlighted Reviewer, Apr 2022
CSAW 2021 Best Applied Security Paper Award TOP-10 Finalists, Nov 2021
ACM SIGPLAN Distinguished Paper Award, Oct 2019

Students

Shih-Chieh Dai
Soumil Datta
Kang Yang (co-advised with Dr. Jun Xu)

Teaching

CS 5956: Intro to Machine Learning, University of Utah, Spring 2025
CS 6958 / CS 4960: Machine Learning Security, University of Utah, Fall 2024
Guest Lecture, CS 431: Software Engineering, Rutgers University, Spring 2023
Guest Lecture, CS 529: Security Analytics, Purdue University, Fall 2019, Fall 2020, Fall 2022, Fall 2023
Teaching Assistant, CS 240: Programming in C, Purdue University, Spring 2020
Teaching Assistant, CS 590: Program Analysis For Deep Learning, Purdue University, Fall 2019

Services

Program Chair / Organizer
- BANDS The 1st ICLR Workshop on Backdoor Attacks and Defenses in Machine Learning
- AISCC NDSS 2024 Workshop on AI System with Confidential Computing
Program Committee / Reviewer
- S&P IEEE Symposium on Security and Privacy: 2021 (Shadow), 2025
- CCS ACM Conference on Computer and Communications Security: 2025
- SaTML IEEE Conference on Secure and Trustworthy Machine Learning: 2025
- RAID International Symposium on Research in Attacks, Intrusions and Defenses: 2024
- FSE ACM Symposium on the Foundations of Software Engineering: 2023 (Artifact Evaluation)
- NeurIPS Conference on Neural Information Processing Systems: 2021, 2022, 2023, 2024
- ICML International Conference on Machine Learning: 2021, 2022, 2023, 2024, 2025
- ICLR International Conference on Learning Representations: 2022 (Highlighted), 2023, 2024, 2025
- CVPR IEEE/CVF Conference on Computer Vision and Pattern Recognition: 2022, 2023, 2025
- ECCV European Conference on Computer Vision: 2022
- ICCV International Conference on Computer Vision: 2023
- ACL Annual Meeting of the Association for Computational Linguistics: 2023, 2025
- EMNLP Conference on Empirical Methods in Natural Language Processing: 2023
- AISTATS International Conference on Artificial Intelligence and Statistics: 2025
- AAAI Annual AAAI Conference on Artificial Intelligence: 2024
- DLSP Deep Learning Security and Privacy Workshop (co-located with S&P): 2025
- LLMapp International Workshop on LLM App Store Analysis (co-located with FSE): 2025
- SATA NeurIPS Workshop on Towards Safe & Trustworthy Agents: 2024
- DPML ICLR Workshop on Distributed and Private Machine Learning: 2021
- AGI ICLR AGI Workshop: 2024
- TDSC IEEE Transactions on Dependable and Secure Computing
- T-IFS IEEE Transactions on Information Forensics & Security
- TOPS ACM Transactions on Privacy and Security
- TMLR Transactions on Machine Learning Research