Chuan Guo | 郭川

I am a Research Scientist on the Fundamental AI Research (FAIR) team at Meta. My research focuses on AI security and privacy. Topics that I am actively working on include adversarial and distributional robustness, AI agent security, and privacy-preserving machine learning.

I obtained my PhD from Cornell University, co-advised by Kilian Weinberger and Karthik Sridharan. Prior to that, I obtained my bachelor's and Master's degrees in Mathematics and Computer Science from the University of Waterloo in Canada, advised by Douglas R. Stinson. My Erdös number is 2 as a result of my collaborations with Douglas R. Stinson and Jeffrey O. Shallit.

Email: chuanguo [at] meta [dot] com

[Google Scholar][LinkedIn][GitHub][CV]

Publications

Selected Publications

AdvPrompter: Fast adaptive adversarial prompting for LLMs [paper][code]

Anselm Paulus*, Arman Zharmagambetov*, Chuan Guo, Brandon Amos**, Yuandong Tian**. International Conference on Machine Learning (ICML), 2025.

ViP: A differentially private foundation model for computer vision [paper][code]

Yaodong Yu, Maziar Sanjabi, Yi Ma, Kamalika Chaudhuri, Chuan Guo. International Conference on Machine Learning (ICML), 2024. [Oral presentation]

Do SSL models have déjà vu? A case of unintended memorization in self-supervised learning [paper][code]

Casey Meehan*, Florian Bordes*, Pascal Vincent, Kamalika Chaudhuri**, Chuan Guo**. Conference on Neural Information Processing Systems (NeurIPS), 2023.

Bounding training data reconstruction in private (deep) learning [paper][code][talk]

Chuan Guo, Brian Karrer, Kamalika Chaudhuri, Laurens van der Maaten. International Conference on Machine Learning (ICML), 2022. [Oral presentation]

Gradient-based adversarial attacks against text transformers [paper][code]

Chuan Guo*, Alexandre Sablayrolles*, Hervé Jégou, Douwe Kiela. Conference on Empirical Methods in Natural Language Processing (EMNLP), 2021.

Measuring data leakage in machine-learning models with Fisher information [paper][code][talk]

Awni Hannun, Chuan Guo, Laurens van der Maaten. Conference on Uncertainty in Artificial Intelligence (UAI), 2021. [Best paper award]

Certified data removal from machine learning models [paper][code][talk]

Chuan Guo, Tom Goldstein, Awni Hannun, Laurens van der Maaten. International Conference on Machine Learning (ICML), 2020.

Simple black-box adversarial attacks [paper][code][talk]

Chuan Guo, Jacob R. Gardner, Yurong You, Andrew Gordon Wilson, Kilian Q. Weinberger. International Conference on Machine Learning (ICML), 2019.

Countering adversarial images using input transformations [paper][code]

Chuan Guo, Mayank Rana, Moustapha Cisse, Laurens van der Maaten. International Conference on Learning Representations (ICLR), 2018.

On calibration of modern neural networks [paper][code][talk]

Chuan Guo*, Geoff Pleiss*, Yu Sun*, Kilian Q. Weinberger. International Conference on Machine Learning (ICML), 2017.

2025

AdvPrompter: Fast adaptive adversarial prompting for LLMs [paper][code]

Anselm Paulus*, Arman Zharmagambetov*, Chuan Guo, Brandon Amos**, Yuandong Tian**. International Conference on Machine Learning (ICML), 2025.

Machine learning with privacy for protected attributes [paper]

Saeed Mahloujifar, Chuan Guo, Edward Suh, Kamalika Chaudhuri. IEEE Symposium on Security and Privacy (S&P), 2025.

WASP: Benchmarking web agent security against prompt injection attacks [paper][code]

Ivan Evtimov*, Arman Zharmagambetov*, Aaron Grattafiori, Chuan Guo**, Kamalika Chaudhuri**. ArXiv, 2025.

AgentDAM: Privacy leakage evaluation for autonomous web agents [paper][code]

Arman Zharmagambetov, Chuan Guo*, Ivan Evtimov*, Maya Pavlova, Ruslan Salakhutdinov, Kamalika Chaudhuri. ArXiv, 2025.

Detecting benchmark contaminaton through watermarking [paper]

Tom Sander, Pierre Fernandez, Saeed Mahloujifar, Alain Durmus, Chuan Guo. ArXiv, 2025.

2024

AdvPrefix: An objective for nuanced LLM jailbreaks [paper][code]

Sicheng Zhu, Brandon Amos, Yuandong Tian, Chuan Guo*, Ivan Evtimov*. ArXiv, 2024.

Unlocking visual secrets: Inverting features with diffusion priors for image reconstruction [paper]

Sai Qian Zhang, Ziyun Li, Chuan Guo, Saeed Mahloujifar, Deeksha Dangwal, Edward Suh, Barbara De Salvo, Chiao Liu. ArXiv, 2024.

Measuring déjà vu memorization efficiently [paper]

Narine Kokhlikyan*, Bargav Jayaraman*, Florian Bordes, Chuan Guo, Kamalika Chaudhuri. Conference on Neural Information Processing Systems (NeurIPS), 2024.

Déjà vu memorization in vision-language models [paper][code]

Bargav Jayaraman, Chuan Guo, Kamalika Chaudhuri. Conference on Neural Information Processing Systems (NeurIPS), 2024.

SecAlign: Defending against prompt injection with preference optimization [paper][code]

Sizhe Chen, Arman Zharmagambetov, Saeed Mahloujifar, Kamalika Chaudhuri, David Wagner, Chuan Guo. ArXiv, 2024.

Information flow control in machine learning through modular model architecture [paper]

Trishita Tiwari, Suchin Sri Gururangan, Chuan Guo, Will Hua, Sanjay Kariyappa, Udit Gupta, Wenjie Xiong, Kiwan Maeng, Hsien-Hsin Sean Lee, Edward Suh. USENIX Security Symposium, 2024.

Guarantees of confidentiality via Hammersley-Chapman-Robbins bounds [paper][code]

Kamalika Chaudhuri, Chuan Guo, Laurens van der Maaten, Saeed Mahloujifar, Mark Tygert. Transactions on Machine Learning Research, 2024. [Alphabetical order]

Differentially private representation learning via image captioning [paper][code]

Tom Sander*, Yaodong Yu*, Maziar Sanjabi, Alain Durmus, Yi Ma, Kamalika Chaudhuri, Chuan Guo. International Conference on Machine Learning (ICML), 2024.

ViP: A differentially private foundation model for computer vision [paper][code]

Yaodong Yu, Maziar Sanjabi, Yi Ma, Kamalika Chaudhuri, Chuan Guo. International Conference on Machine Learning (ICML), 2024. [Oral presentation]

Preliminary version presented at Theory and Practice of Differential Privacy (TPDP) Workshop, 2023.

DP-RDM: Adapting diffusion models to private domains without fine-tuning [paper][code]

Jonathan Lebensold, Maziar Sanjabi, Pietro Astolfi, Adriana Romero-Soriano, Kamalika Chaudhuri, Mike Rabbat, Chuan Guo. ArXiv, 2024.

2023

Do SSL models have déjà vu? A case of unintended memorization in self-supervised learning [paper][code]

Casey Meehan*, Florian Bordes*, Pascal Vincent, Kamalika Chaudhuri**, Chuan Guo**. Conference on Neural Information Processing Systems (NeurIPS), 2023.

Bounding the invertibility of privacy-preserving instance encoding using Fisher information [paper]

Kiwan Maeng*, Chuan Guo*, Sanjay Kariyappa, Edward Suh. Conference on Neural Information Processing Systems (NeurIPS), 2023.

Preliminary version presented at NeurIPS International Workshop on Federated Learning, 2022.

Off-distribution public data improves differentially private image generation quality [paper]

Ruihan Wu, Chuan Guo, Kamalika Chaudhuri. ArXiv, 2023.

"Private prediction strikes back!" Private kernelized nearest neighbors with individual Rényi filter [paper][code]

Yuqing Zhu, Xuandong Zhao, Chuan Guo, Yu-Xiang Wang. Conference on Uncertainty in Artificial Intelligence (UAI), 2023. [Spotlight presentation]

Learning To Invert: Simple adaptive attacks for gradient inversion in federated learning [paper][code]

Ruihan Wu*, Xiangyu Chen*, Chuan Guo, Kilian Q. Weinberger. Conference on Uncertainty in Artificial Intelligence (UAI), 2023.

Analyzing privacy leakage in machine learning via multiple hypothesis testing: A lesson from Fano [paper]

Chuan Guo, Alexandre Sablayrolles, Maziar Sanjabi. International Conference on Machine Learning (ICML), 2023.

Cocktail Party Attack: Breaking aggregation-based privacy in federated learning using independent component analysis [paper][code]

Sanjay Kariyappa, Chuan Guo, Kiwan Maeng, Wenjie Xiong, Edward Suh, Moinuddin K. Qureshi, Hsien-Hsin S. Lee. International Conference on Machine Learning (ICML), 2023.

Privacy-aware compression for federated learning through numerical mechanism design [paper][code]

Chuan Guo, Kamalika Chaudhuri, Pierre Stock, Mike Rabbat. International Conference on Machine Learning (ICML), 2023.

Preliminary version presented at NeurIPS International Workshop on Federated Learning, 2022.

Origins of low-dimensional adversarial perturbations [paper]

Elvis Dohmatob, Chuan Guo, Morgane Goibert. International Conference on Artificial Intelligence and Statistics (AISTATS), 2023. [Oral presentation]

Does label differential privacy prevent label inference attacks? [paper]

Ruihan Wu*, Jin Peng Zhou*, Kilian Q. Weinberger, Chuan Guo. International Conference on Artificial Intelligence and Statistics (AISTATS), 2023.

2022

EIFFeL: Ensuring integrity for federated learning [paper]

Amrita Roy Chowdhury, Chuan Guo, Somesh Jha, Laurens van der Maaten. ACM Conference on Computer and Communications Security (CCS), 2022.

Privacy-aware compression for federated data analysis [paper][code]

Kamalika Chaudhuri*, Chuan Guo*, Mike Rabbat. Conference on Uncertainty in Artificial Intelligence (UAI), 2022.

Bounding training data reconstruction in private (deep) learning [paper][code][talk]

Chuan Guo, Brian Karrer, Kamalika Chaudhuri, Laurens van der Maaten. International Conference on Machine Learning (ICML), 2022. [Oral presentation]

SubMix: Practical private prediction for large-scale language models [paper][code]

Antonio A. Ginart, Laurens van der Maaten, James Zou, Chuan Guo. ArXiv, 2022.

On the importance of difficulty calibration in membership inference attacks [paper][code]

Lauren Watson, Chuan Guo, Graham Cormode, Alexandre Sablayrolles. International Conference on Learning Representations (ICLR), 2022.

2021

ReAct: Out-of-distribution detection with rectified activations [paper][code]

Yiyou Sun, Chuan Guo, Yixuan Li. Conference on Neural Information Processing Systems (NeurIPS), 2021.

BulletTrain: Accelerating robust neural network training via boundary example mining [paper]

Weizhe Hua, Yichi Zhang, Chuan Guo, Zhiru Zhang, G. Edward Suh. Conference on Neural Information Processing Systems (NeurIPS), 2021.

Online adaptation to label distribution shift [paper][code]

Ruihan Wu, Chuan Guo, Yi Su, Kilian Q. Weinberger. Conference on Neural Information Processing Systems (NeurIPS), 2021.

Fixes that fail: Self-defeating improvements in machine-learning systems [paper][code]

Ruihan Wu, Chuan Guo, Awni Hannun, Laurens van der Maaten. Conference on Neural Information Processing Systems (NeurIPS), 2021.

Gradient-based adversarial attacks against text transformers [paper][code]

Chuan Guo*, Alexandre Sablayrolles*, Hervé Jégou, Douwe Kiela. Conference on Empirical Methods in Natural Language Processing (EMNLP), 2021.

Byzantine-robust and privacy-preserving framework for FedML [paper]

Hanieh Hashemi, Yongqin Wang, Chuan Guo, Murali Annavaram. ICLR Workshop on Safety and Security in Machine Learning Systems, 2021.

Measuring data leakage in machine-learning models with Fisher information [paper][code][talk]

Awni Hannun, Chuan Guo, Laurens van der Maaten. Conference on Uncertainty in Artificial Intelligence (UAI), 2021. [Best paper award]

Making paper reviewing robust to bid manipulation attacks [paper][code][talk]

Ruihan Wu*, Chuan Guo*, Felix Wu, Rahul Kidambi, Laurens van der Maaten, Kilian Q. Weinberger. International Conference on Machine Learning (ICML), 2021.

Secure multi-party computations in floating-point arithmetic [paper][code]

Chuan Guo, Awni Hannun, Brian Knott, Laurens van der Maaten, Mark Tygert, Ruiyu Zhu. Information and Inference, A Journal of the IMA, iaaa038, 2021. [Alphabetical order]

2016-2020

Certified data removal from machine learning models [paper][code][talk]

Chuan Guo, Tom Goldstein, Awni Hannun, Laurens van der Maaten. International Conference on Machine Learning (ICML), 2020.

On hiding neural networks inside neural networks [paper][code]

Chuan Guo*, Ruihan Wu*, Kilian Q. Weinberger. ArXiv, 2020.

A new defense against adversarial images: Turning a weakness into a strength [paper][code]

Tao Yu*, Shengyuan Hu*, Chuan Guo, Wei-Lun Chao, Kilian Q. Weinberger. Conference on Neural Information Processing Systems (NeurIPS), 2019.

Breaking the glass ceiling for embedding-based classifiers for large output spaces [paper]

Chuan Guo*, Ali Mousavi*, Xiang Wu, Daniel Holtmann-Rice, Satyen Kale, Sashank Reddi, Sanjiv Kumar. Conference on Neural Information Processing Systems (NeurIPS), 2019.

Low frequency adversarial perturbations [paper][code]

Chuan Guo, Jared S. Frank, Kilian Q. Weinberger. Conference on Uncertainty in Artificial Intelligence (UAI), 2019.

Simple black-box adversarial attacks [paper][code][talk]

Chuan Guo, Jacob R. Gardner, Yurong You, Andrew Gordon Wilson, Kilian Q. Weinberger. International Conference on Machine Learning (ICML), 2019.

Countering adversarial images using input transformations [paper][code]

Chuan Guo, Mayank Rana, Moustapha Cisse, Laurens van der Maaten. International Conference on Learning Representations (ICLR), 2018.

An empirical study on evaluation metrics of generative adversarial networks [paper][code]

Qiantong Xu, Gao Huang, Yang Yuan, Chuan Guo, Yu Sun, Felix Wu, Kilian Q. Weinberger. ArXiv, 2018.

On calibration of modern neural networks [paper][code][talk]

Chuan Guo*, Geoff Pleiss*, Yu Sun*, Kilian Q. Weinberger. International Conference on Machine Learning (ICML), 2017.

Discovering and exploiting additive structure for Bayesian optimization [paper][code]

Jacob R. Gardner, Chuan Guo, Kilian Q. Weinberger, Roman Garnett, Roger Grosse. International Conference on Artificial Intelligence and Statistics (AISTATS), 2017.

Supervised word mover's distance [paper][code][talk]

Gao Huang*, Chuan Guo*, Matt J. Kusner, Yu Sun, Kilian Q. Weinberger, Fei Sha. Conference on Neural Information Processing Systems (NeurIPS), 2016. [Oral presentation]

Theses

Doctoral Thesis: Threats and Countermeasures in Machine Learning Applications [pdf]

Committee: Kilian Q. Weinberger, Karthik Sridharan, Thorsten Joachims

Department of Computer Science, Cornell University, 2020

Master's Thesis: Fingerprinting Codes and Related Combinatorial Structures [pdf]

Committee: Douglas R. Stinson, Alfred Menezes, David Jao

Department of Computer Science, University of Waterloo, 2015

Combinatorics

Chuan Guo, Michael Newman. On b-chromatic numbers of Cartesian products. Discrete Applied Mathematics 239, pp. 82–93, 2018.

Chuan Guo, Douglas R. Stinson. A tight bound on the size of certain separating hash families. Australasian Journal of Combinatorics 67, pp. 294–303, 2017.

Chuan Guo, Jeffrey Shallit, Arseny M. Shur. Palindromic rich words and run-length encodings. Information Processing Letters 116, pp. 735–738, 2016.

Chuan Guo, Douglas R. Stinson, Tran van Trung. On symmetric designs and binary 3-frameproof codes. In Springer Proceedings in Mathematics and Statistics: Algebraic Design Theory and Hadamard Matrices (ADTHM), pp. 125–136, 2015.

Chuan Guo, Douglas R. Stinson, Tran van Trung. On tight bounds for binary frameproof codes. Designs, Codes and Cryptography 77, pp. 301–319, 2015.

Page updated

Google Sites

Report abuse