About Me
I am a seasoned software research and development professional with extensive experience in the fields of AIML (artificial intelligence and machine learning), information security and data privacy, and modern large-scale computing infrastructures. Currently, I serve as a technical lead in the Security Department at ByteDance, where I lead initiatives in LLM and LLM Agent security, as well as the development of security and privacy infrastructures for machine learning and big data.
Throughout my career, I have led and delivered several key projects, which have been widely applied both within the companies I've worked for and in commercial scenarios, covering industries such as advertisement, recommendation and finance.
I hold a Ph.D. in Engineering and Computer Science from The Australian National University where my research focused on acceleration and privacy protection in distributed computing, and a Bachelor's degree in Electronic Engineering from Tsinghua University.
I hold a CISSP certification and have published over 20 academic papers, with representative works in top journals/conferences like NeurIPS, IJCAI, IEEE/ACM Trans. on Networking, and hold dozens of patents related to large language models, security and privacy, and AI infra.
Education
Ph.D. in Engineering and Computer Science
The Australian National University, Australia | 2015 - 2019
Bachelor's Degree in Electronic Engineering
Tsinghua University, China | 2011 - 2015
Employment
Senior Research Engineer and Tech Lead
Security Department, ByteDance | 2020 - Present
Lead the LLM and LLM Agent security and secure machine learning infrastructure initiatives. Plan technical direction and drive business collaborations. Technical system design and key component implementation. Oversee system deployment and ensure product shipment.
Senior Software Engineer
Tencent Cloud, Tencent | 2019 - 2020
Led R&D of Tencent Cloud's privacy computing algorithm system, using AI and cryptography to enable secure cross-domain data services.
Experience
LLM Agent Security Project | 2024.9 - Present
Role: Technical Lead and Core Developer
Background: Addressing the increased security risks of LLM Agents caused by their complex architecture, interaction mechanisms, and characteristics like untrusted environment interaction and ambiguous information boundaries, which expand the system's attack surface.
Key Achievement: Launched the AgentArmor protection product, made security tech breakthroughs, and gained cloud ecosystem promotion.
LLM Security Project | 2023.12 - 2024.12
Role: Technical Lead and Core Developer
Background: Mitigating multiple security risks faced by LLMs in model training, parameter fine-tuning, and inference applications, such as prompt attacks, sensitive information leakage, and model hallucinations, which threaten business system security compliance and stable operation.
Key Achievement: Developed a large model firewall product system, achieved AI interpretability breakthroughs, and completed commercialization from 0-100.
Privacy-Computing-Driven Data Sharing Project | 2020.12 - Present
Role: Technical Lead and Core Developer
Background: Responding to the balance between privacy and utility in the marketization of data, meeting the significant demand for secure circulation and sharing of highly sensitive and valuable user data among internal downstream business departments and external cooperation institutions in scenarios such as new customer acquisition, targeted advertising, and financial risk control.
Key Achievement: Addressed internal compliance across X00+ business scenarios, delivered X00 external ToB projects, developed a high-performance cloud-native privacy platform, and innovated in cross-domain and federated model tech.
Skills
Generative AI & Machine Learning
LLM (Large Language Model), LLM Agent, Multi-Agent System, BERT, Transformer, Recommendation System, Financial Risk Management, XGBoost, Trust and Explainable AI, AI Safety and Security.
Privacy & Data Protection
Differential Privacy, Homomorphic Encryption, Secure Multi-Party Computation, Federated Learning & Analytics, Privacy-Preserving Machine Learning, Data Masking, Anonymization, Pseudonymization, Data Encryption, Privacy by Design, Data Minimization, Data Governance
Information System Security
Threat Modelling, Risk Assessment, Cryptography, Cloud Security, Defense In Depth, Authentication, Authorization, Data Loss Prevention (DLP), Multi-layered Security.
Cloud-Native & Modern Distributed Systems
Spark, Parameter Server, Ray, Kafka, Redis, Hadoop, Kubernetes, Docker, Microservices, Serverless Computing, Function as a Service (FaaS), API Gateway, Load Balancing, Cache, Observability.
System Architecture Design, Design Pattern, Data Structure, Algorithm.
Programming in Python, Go, C++
Publications
AGENTARMOR: Enforcing Program Analysis on Agent Runtime Trace to Defend Against Prompt Injection
arXiv preprint, 2025
The paper presents AgentArmor, a program analysis framework that treats LLM agent runtime traces as structured programs to defend against prompt injection attacks. It converts traces into graph-based intermediate representations (CFG, DFG, PDG) via a graph constructor, enriches them with metadata through a property registry, and enforces security policies using a type system. Evaluated on AgentDojo, it achieves 95.75% TPR and 3.66% FPR, reducing attack success rate to 1.16% with only 6.7% utility loss, outperforming heuristic defenses.
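As an added illustration of the kind of analysis the abstract describes (it is not AgentArmor's own code or IR, and the trace format, tool names and policy are constructed for the example): a runtime trace is treated as a data-flow graph in which every step records which earlier steps feed each of its named inputs. Outputs of attacker-influenceable tools are labelled untrusted, the label propagates forward through LLM and tool steps, and a per-argument policy forbids untrusted data from reaching security-relevant arguments of sensitive tools. The policy is deliberately per-argument so that the benign "summarize my inbox and send it to me" flow passes while the injected "send it to the attacker" flow is caught, with the taint path reported for explanation.

```python
from collections import deque

# Assumed (constructed) tool roles; a real deployment would derive these from its tool registry.
UNTRUSTED_SOURCES = {"read_email", "web_fetch", "read_shared_doc"}   # outputs attacker-influenceable
# Sensitive sinks and the arguments that must derive only from trusted data.
SINK_POLICY = {
    "send_email": {"to"},
    "transfer_funds": {"recipient", "amount"},
    "shell_exec": {"cmd"},
}

def label_steps(trace):
    """Forward taint propagation over the DFG. Returns {step_id: 'trusted' | 'untrusted'}."""
    labels = {}
    for step in trace:
        feeders = [d for deps in step["inputs"].values() for d in deps]
        missing = [d for d in feeders if d not in labels]
        if missing:
            raise ValueError(f"{step['id']} depends on unseen steps {missing}; trace must be in execution order")
        if step["kind"] == "tool" and step["name"] in UNTRUSTED_SOURCES:
            labels[step["id"]] = "untrusted"
        elif any(labels[d] == "untrusted" for d in feeders):
            labels[step["id"]] = "untrusted"   # anything computed from untrusted data inherits the label
        else:
            labels[step["id"]] = "trusted"
    return labels

def taint_path(trace, start_id):
    """Walk the DFG backwards (BFS) from start_id to the nearest untrusted source.
    Returns the chain of step ids from that source to start_id, or [] if none."""
    by_id = {s["id"]: s for s in trace}
    parent = {start_id: None}
    queue = deque([start_id])
    while queue:
        cur = queue.popleft()
        step = by_id[cur]
        if step["kind"] == "tool" and step["name"] in UNTRUSTED_SOURCES:
            path = []
            while cur is not None:          # follow parent links back to start_id
                path.append(cur)
                cur = parent[cur]
            return path                     # source first, start_id last
        for deps in step["inputs"].values():
            for d in deps:
                if d not in parent:
                    parent[d] = cur
                    queue.append(d)
    return []

def check_trace(trace):
    """Enforce SINK_POLICY; returns one record per (sink, protected argument, untrusted feeder)."""
    labels = label_steps(trace)
    violations = []
    for step in trace:
        protected = SINK_POLICY.get(step["name"]) if step["kind"] == "tool" else None
        if not protected:
            continue
        for arg, deps in step["inputs"].items():
            if arg not in protected:
                continue
            for d in deps:
                if labels[d] == "untrusted":
                    violations.append({"step": step["id"], "tool": step["name"], "arg": arg,
                                       "path": taint_path(trace, d) + [step["id"]]})
    return violations

# Constructed trace 1: the user asks for an inbox summary; an email carries injected
# instructions and the agent obeys them, choosing the recipient from the email content.
INJECTED = [
    {"id": "s1", "kind": "user", "name": "user_input", "inputs": {}},
    {"id": "s2", "kind": "tool", "name": "read_email", "inputs": {"folder": ["s1"]}},
    {"id": "s3", "kind": "llm",  "name": "reasoning",  "inputs": {"context": ["s1", "s2"]}},
    {"id": "s4", "kind": "tool", "name": "send_email", "inputs": {"to": ["s3"], "body": ["s3"]}},
]

# Constructed trace 2: same task, but the recipient is taken from the user's instruction
# and only the body is derived from the untrusted emails, which the policy allows.
SUMMARIZE_TO_USER = [
    {"id": "s1", "kind": "user", "name": "user_input", "inputs": {}},
    {"id": "s2", "kind": "tool", "name": "read_email", "inputs": {"folder": ["s1"]}},
    {"id": "s3", "kind": "llm",  "name": "reasoning",  "inputs": {"context": ["s1", "s2"]}},
    {"id": "s4", "kind": "tool", "name": "send_email", "inputs": {"to": ["s1"], "body": ["s3"]}},
]

if __name__ == "__main__":
    for name, trace in [("injected", INJECTED), ("summarize_to_user", SUMMARIZE_TO_USER)]:
        print(name, check_trace(trace) or "no policy violations")
```

The precision of this check depends entirely on the runtime recording per-argument provenance: if the agent framework only exposes "the LLM produced this tool call" with no link from the `to` argument back to the user's instruction, trace 2 collapses into trace 1 and the conservative label blocks the benign flow, which is the utility cost the abstract quantifies. Tool outputs that merely pass through a trusted step (the LLM reasoning step here) stay untrusted, because that step is exactly where a prompt injection takes effect.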
SAP: Privacy-Preserving Fine-Tuning on Language Models with Split-and-Privatize Framework
International Joint Conference on Artificial Intelligence (IJCAI), 2025
The paper proposes the Split-and-Privatize (SAP) framework, combining split learning and differential privacy to tackle privacy issues in MaaS-based PEFT. It introduces the CTI method for balancing utility and privacy. SAP achieves 65% better empirical privacy with only 1% performance drop on Stanford Sentiment Treebank, outperforming baselines.
PubSub-VFL: Towards Efficient Two-Party Split Learning in Heterogeneous Environments via Publisher/Subscriber Architecture
Neural Information Processing Systems (NeurIPS), 2025
The paper proposes PubSub-VFL, a novel Vertical Federated Learning (VFL) paradigm optimized for two-party collaborative learning. It leverages the Publisher/Subscriber (Pub/Sub) architecture and parameter server (PS) architecture to design a hierarchical asynchronous mechanism, addressing low computational resource utilization and training inefficiency in traditional VFL. It also formulates an optimization problem based on participants’ system profiles to mitigate training imbalance from resource and data heterogeneity. Theoretical analysis proves its stable convergence, and extensive experiments on five benchmark datasets show it accelerates training by 2∼7× without compromising accuracy, achieving a computational resource utilization rate of up to 91.07%.
HALUPROBE: Understanding and Detecting Hallucinations in Large Language Models Through Internal State Analysis
arXiv preprint, 2025
The paper introduces HALUPROBE to extract internal states from LLM inference for hallucination detection. It divides the process into three stages and extracts 8 features to analyze sources. Experiments show attention-based features and Sliced Window strategy achieve 87% accuracy on HaluEval, and the framework explores RAG's impact and feature limitations.
Clique Gossiping
IEEE/ACM Transactions on Networking, 2019
The paper proposes a framework for clique gossip protocols, common in social, computer, and engineering networks, defining them as linear node interactions with vector states evolving dynamically.
Network Flows that Solve Least Squares for Linear Equations
Automatica, 2020
The paper introduces a first-order distributed continuous-time algorithm for network linear equation least-squares solutions. It offers convergence results for unique solutions in fixed graphs with nonintegrable step sizes and determines convergence rates.
An Arrow-Hurwicz-Uzawa Type Flow as Least Squares Solver for Network Linear Equations
Automatica, 2019
The paper presents distributed continuous and discrete-time algorithms for solving least squares problems in networked linear equations. It introduces an Arrow-Hurwicz-Uzawa flow, establishing necessary and sufficient conditions for exponential convergence to the least squares solution.