About the Course
See the syllabus for details. This topics course is designed for graduate students who are interested in the emerging area of AI security and trustworthy machine learning. Modern machine learning systems are increasingly deployed in high-stakes applications, making it essential to understand their vulnerabilities, limitations, and the principles needed to ensure reliability. The goal of this course is to help students develop a solid conceptual and practical foundation in the security and trustworthiness aspects of machine learning by studying core threat models, analyzing state-of-the-art research papers, and working on research-oriented projects.
Instructor: Yao Li
Class: TTH 2:00PM-3:15PM, Hanes 107
Office Hours: W 10:00AM-11:00AM, Hanes 334
Course Material
| Date | Topic | Paper Link | Slides |
|---|---|---|---|
| Aug. 18 | Logistics and Overview | ||
| Aug. 20 | AI Model Foundations | ||
| Aug. 25 | AI System | ||
| Aug. 27 | Guest Lecture I | ||
| Sep. 01 | Paper Reading Tutorial | ||
| Sep. 03 | Guest Lecture II | ||
| Sep. 08 | Distribution Shift | ||
| Sep. 10 | Spurious Correlations | ||
| Sep. 15 | Explainable AI | ||
| Sep. 17 | Machine Unlearning | ||
| Sep. 22 | Project Proposal Discussion | ||
| Sep. 24 | Project Proposal Discussion | ||
| Sep. 29 | Backdoor Attacks | ||
| Oct. 01 | Backdoor Defenses | ||
| Oct. 06 | Well-Being Day | ||
| Oct. 08 | Hallucinations | ||
| Oct. 13 | LLM Backdoors | ||
| Oct. 15 | Fall Break | ||
| Oct. 20 | Midpoint Project Review | ||
| Oct. 22 | Midpoint Project Review | ||
| Oct. 27 | LLM Backdoor Defenses | ||
| Oct. 29 | Jailbreak Attacks | ||
| Nov. 03 | Jailbreak Defenses | ||
| Nov. 05 | Watermark | ||
| Nov. 10 | AI Content Detection | ||
| Nov. 12 | RAG Security | ||
| Nov. 17 | Agent Security | ||
| Nov. 19 | Multimodal Safety | ||
| Nov. 24 | Final Presentation | ||
| Nov. 26 | Thanksgiving | ||
| Dec. 01 | Final Presentation |
Class Participation
Use the participation record to report class participation.
Paper Presentation
Each student will present one or two research papers during the semester, depending on enrollment. You can use the paper list to sign up for your preferred papers.
Before August 30:
Students may freely sign up for available papers using the shared spreadsheet. Please sign up for two papers unless instructed otherwise.After August 30:
Any papers that remain unassigned will be randomly allocated to students by the instructor, or the instructor will present them. These assignments will be final.
Slides must be uploaded by 11:59pm the night before class on the day of your presentation. Late submissions will incur penalties.
Final Project Details
This course includes a final project in lieu of a final exam. Projects may be completed individually or in groups of two. Groups of more than two are not permitted. The final project consists of:
- Project Proposal (10%)
- Project Mid-term Review (20%)
- Project Presentation (30%)
- Project Paper (40%)
Group List
Please form the final project group before August 30th, and sign up using the shared spreadsheet. Please don’t modify the information of other groups.
Four Parts Including Point Values
I will meet with each student or group to discuss potential project topics. Suitable topics include, but are not limited to:
- Conducting a careful empirical study comparing state-of-the-art methods;
- Reproducing an influential research paper and analyzing its limitations;
- Developing a small methodological or algorithmic extension;
- A structured survey of a focused sub-area in trustworthy machine learning.
- …
P1: Project Proposal (10 Points): The project proposal is limited to 2-page (excluding reference) and contains:
- The problem you aim to address;
- A brief review of related work;
- The method(s) you plan to use or compare;
- Evaluation metrics and expected outcomes;
- Reference.
See latex template at link.
P2: Project Mid-term Review (20 Points): Around the middle of the semester, each group will schedule a brief meeting with the instructor. One member from each group (different from the proposal presenter) will present a set of slides that summarize the group’s progress up to that point.
P3: Project Presentation (30 Points): Presentations will take place during the final 2 - 3 lectures of the semester. Each student or group will give a short presentation (length announced later) summarizing the problem, approach, results, and conclusions. Attendance is required for all presentations.
P4: Project Paper (40 Points): Students must submit a written final report in PDF format. The report must use the NeurIPS Latex style files and should be no more than 8 pages excluding references (there is no minimum length requirement). The report may include a discussion of possible future extensions.
Due Dates of Individual Parts
| Part | Description | Location | Due Date (Time) |
|---|---|---|---|
| P1 | Project Proposal | Canvas | Sep. 20 (11:59PM) |
| Proposal Meeting | Hanes 334 | Sep. 22 / Sep. 24 (Lecture Time) | |
| P2 | Mid-term Review Slides | Canvas | Oct. 18 (11:59PM) |
| Review Meeting | Hanes 334 | Oct. 20 / Oct. 24 (Lecture time) | |
| P3 | Presentation Slides | Canvas | Nov. 23 / Nov. 30 (11:59PM) |
| Final Presentation | Class | Nov. 24 / Dec. 01 (Lecture time) | |
| P4 | Final Report | Canvas | Dec. 04 (11:59PM) |
This page was last updated on 2026-06-25 11:43:48.038973 Eastern Time.