The Safe And secure Foundation mOdel systems Lab (SaFoLab) at Johns Hopkins University, led by Professor Chaowei Xiao, is dedicated to pioneering research in trustworthy (MultiModal) Large Language Model Systems.
Our mission is to develop robust and secure AI systems that can be trusted across various application domains, with a focus on building safe AGI with both practical robustness and provable guarantees.
Recent Awards & Honors
🏆 2025: JailbreakV won Second Prize of SafeBench Competition
🏆 2024: USENIX Security Distinguished Paper Award
🏆 2024: Schmidt Sciences AI2050 Early Career Fellow
🏆 2024: ACM Gordon Bell Final List Nominee
🏆 2024: PhD student Xiaogeng Liu won NVIDIA Fellowship (Security track)
🏆 2024: Selected in Stanford/Elsevier Top 2% Scientists List
Recent Invited Talks
🎤 Dec 2025: NeurIPS discussion session on AI Agent Security
🎤 Jun 2025: CVPR Workshop on Adversarial Machine Learning (Foundation Models)
🎤 May 2025: IEEE S&P Workshop on Secure Generative AI Agents
🎤 Dec 2024: Keynote at CCS Workshop on Large AI Systems
🎤 Oct 2024: Trillion Parameter Consortium talk; NSF Workshop on LLMs for Network Security
Recent News
Check out our GitHub group for our latest projects and publications.
2025-01:
Nine papers accepted to ICLR 2025, including AutoDAN-Turbo (Spotlight), T-Stitch, LeanAgent, MuirBench, and more.
2025-01:
Three papers accepted to ACL 2025 on LLM safety: PIGuard, SudoLM, and AGrail.
2025-01:
Three papers accepted to NAACL 2025: CVE-Bench, RePD, and Test-time Backdoor Mitigation.
2025-01:
JailbreakV won Second Prize of SafeBench Competition.
2025-01:
Two papers on Preference Poisoning Attacks accepted to ICML 2025 and IEEE S&P 2025.
2024-12:
Fall Research Competition Award at UW-Madison.
2024-11:
Lab received funding from Amazon and Apple.
2024-11:
SaFo Lab will have a winter break this Dec. Lab members will enjoy some well-deserved vacation time.
2024-11:
Jiongxiao will go to NeurIPS to present our paper BackdoorAlign on finetuning-based jailbreak attacks.
2024-10:
Prof. Chaowei Xiao gave a keynote at the CCS Workshop on Large AI Systems.
2024-10:
Xiaogeng Liu won NVIDIA Fellowship (Security track).
2024-09:
Four papers accepted to NeurIPS 2024: HaloScope (Spotlight), BackdoorAlign, Consistency Purification, and AgentPoison.
2024-08:
Won USENIX Security Distinguished Paper Award.
2024-08:
Selected as Schmidt Sciences AI2050 Early Career Fellow.
2024-08:
ACM Gordon Bell Final List nominee.
2024-08:
Selected in Stanford/Elsevier Top 2% Scientists List.
2024-07:
Four papers accepted to ECCV 2024 on trustworthy VLM and autonomous driving: Dolphins, AdaShield, RealGen, and Hierarchical Feature Sharing.
2024-07:
MultiModal jailbreak benchmark (JailbreakV-28K) accepted to COLM 2024.
2024-06:
Prof. Chaowei Xiao gave a talk on Security in the Era of Vision Large Language Models at CVPR.
2024-06:
Prof. Chaowei Xiao gave a talk on Security in the Era of Large Language Models at NAACL.
2024-05:
Prof. Chaowei Xiao gave a talk at ICLR on recent progress in LLM security.
2024-05:
Jailbreak paper (Do Not Listen To Me) accepted to USENIX Security 2024. Congratulations, Zhiyuan!
2024-03:
Five papers at NAACL 2024 on LLM security: two on backdoor attacks, one on backdoor defense, one on jailbreak attacks, and one on model fingerprinting.
2024-03:
PerAda for personalized federated learning accepted at CVPR 2024.
2024-01:
Three papers accepted to ICLR 2024: AutoDAN, ChatGPT-powered Drug Editing, and CALICO.
2024-01:
Two papers accepted to TMLR: Prismer and Voyager.
2023-12:
Invited Talk at NeurIPS TDW workshop.
2023-10:
MoleculeSTM accepted to Nature Machine Intelligence. MoleculeSTM aligns natural language and molecule representations into the same space.
2023-10:
Three papers at EMNLP and one paper at NeurIPS. The NeurIPS paper studies a new threat to instruction tuning: injecting ads into LLMs.
2023-10:
Tutorial on Security and Privacy in the Era of Large Language Models accepted to NAACL.