Guanhong Tao

"There is only one heroism in the world: to see the world as it is and to love it." ― Romain Rolland

I am an Assistant Professor in Kahlert School of Computing at University of Utah. My research focuses on the security and safety of AI-enabled systems, aiming to empower system providers and individual users to counteract attacks and biases. I am broadly interested in a range of topics in security and privacy relating to machine learning, including backdoor threats, adversarial generative AI, and machine learning for security. My projects are consistently published in conferences such as IEEE S&P / USENIX Security / CCS / NDSS, NeurIPS / ICML / ICLR / CVPR, and ICSE / FSE. I am a recipient of Maurice H. Halstead Memorial Award, ECCV AROW Workshop Best Paper Award (2022), and ACM SIGPLAN Distinguished Paper Award (2019).

I obtained my Ph.D. from Purdue University under the supervision of Xiangyu Zhang. I received my bachelor’s degree from Zhejiang University.

I am looking for students interested in security and privacy at the intersection of machine learning and traditional systems. If you are interested in this research direction, please drop me an email with your CV and transcripts.

News

Oct, 2024	One paper accepted to NeurIPS 2024 Workshop Red Teaming GenAI
Sep, 2024	One paper on detecting AI-generated text got accepted to NeurIPS 2024
Sep, 2024	Our paper on detecting backdoors in LLMs got accepted to S&P 2025
Aug, 2024	Our work on exploring inherent backdoors got accepted to ACSAC 2024

Selected Publications

S&P

BAIT: Large Language Model Backdoor Scanning by Inverting Attack Target

Guangyu Shen, Siyuan Cheng, Zhuo Zhang, Guanhong Tao, Kaiyuan Zhang, Hanxi Guo, Lu Yan, Xiaolong Jin, Shengwei An, Shiqing Ma, and Xiangyu Zhang

In Proceedings of the 46th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2025

Bib

@inproceedings{shen2025bait,
  title = {BAIT: Large Language Model Backdoor Scanning by Inverting Attack Target},
  author = {Shen, Guangyu and Cheng, Siyuan and Zhang, Zhuo and Tao, Guanhong and Zhang, Kaiyuan and Guo, Hanxi and Yan, Lu and Jin, Xiaolong and An, Shengwei and Ma, Shiqing and Zhang, Xiangyu},
  booktitle = {Proceedings of the 46th IEEE Symposium on Security and Privacy},
  year = {2025},
  location = {San Francisco, CA, USA},
  organization = {IEEE Computer Society},
}

NeurIPS

BiScope: AI-generated Text Detection by Checking Memorization of Preceding Tokens

Hanxi Guo, Siyuan Cheng, Xiaolong Jin, Zhuo Zhang, Kaiyuan Zhang, Guanhong Tao, Guangyu Shen, and Xiangyu Zhang

In Proceedings of Thirty-Eighth Conference on Neural Information Processing Systems, Vancouver, Canada, 2024

Bib

@inproceedings{guo2024biscope,
  title = {BiScope: AI-generated Text Detection by Checking Memorization of Preceding Tokens},
  author = {Guo, Hanxi and Cheng, Siyuan and Jin, Xiaolong and Zhang, Zhuo and Zhang, Kaiyuan and Tao, Guanhong and Shen, Guangyu and Zhang, Xiangyu},
  booktitle = {Proceedings of Thirty-Eighth Conference on Neural Information Processing Systems},
  year = {2024},
  location = {Vancouver, Canada},
}

S&P

Distribution Preserving Backdoor Attack in Self-supervised Learning

Guanhong Tao*, Zhenting Wang*, Shiwei Feng, Guangyu Shen, Shiqing Ma, and Xiangyu Zhang

In Proceedings of the 45th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2024

Bib PDF Code

@inproceedings{tao2023distribution,
  title = {Distribution Preserving Backdoor Attack in Self-supervised Learning},
  author = {Tao*, Guanhong and Wang*, Zhenting and Feng, Shiwei and Shen, Guangyu and Ma, Shiqing and Zhang, Xiangyu},
  booktitle = {Proceedings of the 45th IEEE Symposium on Security and Privacy},
  year = {2024},
  location = {San Francisco, CA, USA},
  organization = {IEEE Computer Society},
}

S&P

On Large Language Models’ Resilience to Coercive Interrogation

Zhuo Zhang, Guangyu Shen, Guanhong Tao, Siyuan Cheng, and Xiangyu Zhang

In Proceedings of the 45th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2024

Bib PDF

@inproceedings{zhang2024large,
  title = {On Large Language Models’ Resilience to Coercive Interrogation},
  author = {Zhang, Zhuo and Shen, Guangyu and Tao, Guanhong and Cheng, Siyuan and Zhang, Xiangyu},
  booktitle = {Proceedings of the 45th IEEE Symposium on Security and Privacy},
  pages = {252--252},
  year = {2024},
  location = {San Francisco, CA, USA},
  organization = {IEEE Computer Society},
}

S&P

Model Orthogonalization: Class Distance Hardening in Neural Networks for Better Security

Guanhong Tao, Yingqi Liu, Guangyu Shen, Qiuling Xu, Shengwei An, Zhuo Zhang, and Xiangyu Zhang

In Proceedings of the 43rd IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 2022

Bib PDF Code

@inproceedings{tao2022model,
  title = {Model Orthogonalization: Class Distance Hardening in Neural Networks for Better Security},
  author = {Tao, Guanhong and Liu, Yingqi and Shen, Guangyu and Xu, Qiuling and An, Shengwei and Zhang, Zhuo and Zhang, Xiangyu},
  booktitle = {Proceedings of the 43rd IEEE Symposium on Security and Privacy},
  pages = {1372--1389},
  year = {2022},
  location = {San Francisco, CA, USA},
  organization = {IEEE Computer Society},
}

CVPR

Better Trigger Inversion Optimization in Backdoor Scanning

Guanhong Tao, Guangyu Shen, Yingqi Liu, Shengwei An, Qiuling Xu, Shiqing Ma, Pan Li, and Xiangyu Zhang

In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, New Orleans, LA, USA, 2022

Oral Bib PDF Code

4.2% (344/8161) submissions are accepted with an oral presentation.

@inproceedings{tao2022better,
  title = {Better Trigger Inversion Optimization in Backdoor Scanning},
  author = {Tao, Guanhong and Shen, Guangyu and Liu, Yingqi and An, Shengwei and Xu, Qiuling and Ma, Shiqing and Li, Pan and Zhang, Xiangyu},
  booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
  pages = {13368--13378},
  year = {2022},
  location = {New Orleans, LA, USA},
}

CCS

ABS: Scanning Neural Networks for Back-doors by Artificial Brain Stimulation

Yingqi Liu, Wen-Chuan Lee, Guanhong Tao, Shiqing Ma, Yousra Aafer, and Xiangyu Zhang

In Proceedings of the 26th ACM Conference on Computer and Communications Security, London, United Kingdom, 2019

Bib PDF

@inproceedings{liu2019abs,
  author = {Liu, Yingqi and Lee, Wen-Chuan and Tao, Guanhong and Ma, Shiqing and Aafer, Yousra and Zhang, Xiangyu},
  title = {ABS: Scanning Neural Networks for Back-doors by Artificial Brain Stimulation},
  booktitle = {Proceedings of the 26th ACM Conference on Computer and Communications Security},
  series = {CCS '19},
  year = {2019},
  isbn = {978-1-4503-6747-9},
  location = {London, United Kingdom},
  pages = {1265--1282},
  numpages = {18},
  url = {http://doi.acm.org/10.1145/3319535.3363216},
  doi = {10.1145/3319535.3363216},
  acmid = {3363216},
  publisher = {ACM},
  address = {New York, NY, USA},
  keywords = {ai trojan attacks, artificial brain stimulation, deep learning system},
  google_scholar_id = {Tyk-4Ss8FVUC},
}

Awards & Honors

Maurice H. Halstead Memorial Research Award, Apr 2023
ECCV 2022 AROW Workshop Best Paper Award, Oct 2022
ICLR Highlighted Reviewer, Apr 2022
CSAW 2021 Best Applied Security Paper Award TOP-10 Finalists, Nov 2021
ACM SIGPLAN Distinguished Paper Award, Oct 2019

Students

Shih-Chieh Dai
Soumil Datta
Kang Yang (co-advised with Jun Xu)

Teaching

CS 6958 / CS 4960: Machine Learning Security, University of Utah, Fall 2024
Guest Lecture, CS 431: Software Engineering, Rutgers University, Spring 2023
Guest Lecture, CS 529: Security Analytics, Purdue University, Fall 2019, Fall 2020, Fall 2022, Fall 2023
Teaching Assistant, CS 240: Programming in C, Purdue University, Spring 2020
Teaching Assistant, CS 590: Program Analysis For Deep Learning, Purdue University, Fall 2019

Services

Program Chair / Organizer
- BANDS The 1st ICLR Workshop on Backdoor Attacks and Defenses in Machine Learning
- AISCC NDSS 2024 Workshop on AI System with Confidential Computing
Program Committee / Reviewer
- S&P IEEE Symposium on Security and Privacy: 2021 (Shadow), 2025
- SaTML IEEE Conference on Secure and Trustworthy Machine Learning: 2025
- RAID International Symposium on Research in Attacks, Intrusions and Defenses: 2024
- FSE ACM Symposium on the Foundations of Software Engineering: 2023 (Artifact Evaluation)
- NeurIPS Conference on Neural Information Processing Systems: 2021, 2022, 2023, 2024
- ICML International Conference on Machine Learning: 2021, 2022, 2023, 2024
- ICLR International Conference on Learning Representations: 2022 (Highlighted), 2023, 2024, 2025
- CVPR IEEE/CVF Conference on Computer Vision and Pattern Recognition: 2022, 2023
- ECCV European Conference on Computer Vision: 2022
- ICCV International Conference on Computer Vision: 2023
- ACL Annual Meeting of the Association for Computational Linguistics: 2023
- EMNLP Conference on Empirical Methods in Natural Language Processing: 2023
- AISTATS International Conference on Artificial Intelligence and Statistics: 2025
- AAAI Annual AAAI Conference on Artificial Intelligence: 2024
- SATA NeurIPS Workshop on Towards Safe & Trustworthy Agents: 2024
- DPML ICLR Workshop on Distributed and Private Machine Learning: 2021
- AGI ICLR AGI Workshop: 2024
- TDSC IEEE Transactions on Dependable and Secure Computing
- T-IFS IEEE Transactions on Information Forensics & Security
- TOPS ACM Transactions on Privacy and Security
- TMLR Transactions on Machine Learning Research