👋 Tony (Lipeng) He

I am a student, software engineer, and researcher at the University of Waterloo.

I'm pursuing a Master of Mathematics (Research/Thesis) degree in Computer Science at UWaterloo. I am grateful to be advised by N. Asokan.

I'm part of the Secure Systems Group (SSG), the Cryptography, Security, and Privacy (CrySP) Lab, and the Cybersecurity and Privacy Institute (CPI). I also worked with Jian Liu at ABC Lab, Zhejiang University. Currently, my office is located in the William G. Davis Computer Research Centre, DC 3333B, M3.

I'm in pursuit of knowledge, experience, and the various other beautiful things life has to offer. I strive to live deliberately. Before research, I spent some years doing software engineering. In the limit of my life, I also hope to be a pianist, writer, podcaster, designer, and entrepreneur.

My research focuses on Trustworthy Machine Learning, with an emphasis on the security, privacy, and safety of large language models (LLMs) and modern Artificial Intelligence (AI) systems. I develop effective and efficient adversarial attacks, as well as principled defenses, drawing on applied cryptography, theoretical machine learning, and computer security to characterize and mitigate emerging threats.

More broadly, I am interested in alignment, interpretability, and reinforcement learning for building controllable and reliable AI systems.

I also study the design and software engineering of agentic systems for both AI-for-security use cases and real-world business applications, with a particular focus on the security and privacy of LLM-based agents and multi-agent systems.

A central goal of my work is to bridge theoretical security research with real-world deployments and viable business models, enabling more trustworthy AI in practice.

* indicates equal contribution

Activation Approximations Can Incur Safety Vulnerabilities Even in Aligned LLMs: Comprehensive Analysis and Defense

Jiawen Zhang*, Kejia Chen*, Lipeng He*, Jian Lou, Dan Li, Zunlei Feng, Mingli Song, Jian Liu, Kui Ren, and Xiaohu Yang

LookAhead: Preventing DeFi Attacks via Unveiling Adversarial Contracts

Shoupeng Ren, Lipeng He, Tianyu Tu, Di Wu, Jian Liu, Kui Ren, and Chun Chen

Secure Transformer Inference Made Non-interactive

Jiawen Zhang, Xinpeng Yang, Lipeng He, Kejia Chen, Wen-jie Lu, Yinghao Wang, Xiaoyang Hou, Jian Liu, Kui Ren, and Xiaohu Yang

On the Atomicity and Efficiency of Blockchain Payment Channels

Di Wu, Shoupeng Ren, Yuman Bai, Lipeng He, Jian Liu, Wu Wen, Kui Ren, et al.

FedVLP: Visual-aware Latent Prompt Generation for Multimodal Federated Learning

Hao Pan, Xiaoli Zhao, Yuchen Jiang, Lipeng He, Bingquan Wang, and Yincan Shu

A Survey of Multimodal Federated Learning: Background, Applications, and Perspectives

Hao Pan, Xiaoli Zhao, Lipeng He, Yicong Shi, and Xiaogang Lin

A Comparative Examination of Network and Contract-Based Blockchain Storage Solutions for Decentralized Applications

Always Aligned: Understanding and Preserving Safety in Fine-Tuned LLMs

Jiawen Zhang, Yangfan Hu, Kejia Chen, Lipeng He, Jiachen Ma, Jian Lou, Dan Li, Jian Liu, Xiaohu Yang, and Ruoxi Jia
Under Submission

SoK: Colluding Adversaries in Machine Learning Pipelines

Vasisht Duddu, Lipeng He, Asim Waheed, and N. Asokan
Under Submission

Locket: Robust Feature-Locking Technique for Language Models

Lipeng He, Vasisht Duddu, and N. Asokan
Under Submission

Safety at One Shot: Patching Fine-Tuned LLMs with A Single Instance

Jiawen Zhang, Lipeng He, Kejia Chen, Jian Lou, Jian Liu, Xiaohu Yang, and Ruoxi Jia
Under Submission

Beyond Detection: A Federated Prompt Industrial Anomaly Analysis Framework with Expert Knowledge

Hao Pan, Xiaoli Zhao, Lipeng He, and Xiwu Shang
Under Submission

StructEval: Benchmarking LLMs' Capabilities to Generate Structural Outputs

Jialin Yang, Dongfu Jiang, Lipeng He, Sherman Siu, Yuxuan Zhang, Disen Liao, Benjamin Schneider, Ping Nie, Wenhu Chen, et al.

Token-by-Token Manipulation: Inference-Time Jailbreaking on Production LLMs via Autoregressive Harmful Guidance

Jiawen Zhang*, Lipeng He*, Kejia Chen*, Jian Liu, Zunlei Feng, Mingli Song, Jian Lou, Dan Li, and Xiaohu Yang
Under Submission

UWaterloo Cybersecurity and Privacy Institute (CPI) Graduate Student Conference (GradConf 2025)

Activation Approximations Can Incur Safety Vulnerabilities Even in Aligned LLMs: Comprehensive Analysis and Defense

Program Committee Member

USENIX Security Symposium 2026

Artifact Evaluation

Program Committee Member

Privacy Enhancing Technologies Symposium (PoPETs/PETS) 2026

Artifact Evaluation

Program Committee Member

ACM Conference on Computer and Communications Security (CCS) 2025

Artifact Evaluation

Invited Reviewer

IEEE Transactions on Dependable and Secure Computing (TDSC)

Student Member

Association for Computing Machinery (ACM)

lipenghe@acm.org

AWS Startup Activate Credits (Portfolio)

USD 25,000

Amazon

Lambda Research Grant Program

USD 5,000; Principal Investigator: N. Asokan

λ (Lambda) AI

David R. Cheriton Graduate Scholarship

CAD 10,000

University of Waterloo

International Master's Award of Excellence (IMAE)

CAD 7,500

University of Waterloo

University of Waterloo

Instructional Apprentice (IA)

Sept 2025 - Present

CS 135 Designing Functional Programs

University of Waterloo

Instructional Support Assistant (ISA)

Aug 2024 - Dec 2024

CS 135 Designing Functional Programs


Bluelet AI

Co-Founder & CTO

May 2025 - June 2025

Agentic AI and data platform solutions for talent acquisition and matching

University of Waterloo

Research Assistant (URA)

Jan 2025 - Present

Cryptography, Security, and Privacy (CrySP) Lab

Zhejiang University

Research Assistant

May - Aug 2024

ABC Lab, Institute of Cyberspace Research

BioRender

Full Stack Software Engineer

Jan - Apr 2023

SaaS, Y Combinator W18

Toronto, ON

Safyre Labs

Full Stack Software Engineer

May - Aug 2022

E-Commerce Platform, Supply Chain

North York, ON

Bitbuy

Software Engineer

Sep - Dec 2021

Cryptocurrency Exchange, Publicly Traded on TSX: WNDR

Toronto, ON

University of Waterloo

Master's Degree (Research/Thesis)

Sep 2025 - Present

Computer Science

University of Waterloo

Honours Bachelor's Degree (Co-op)

Sep 2020 - Apr 2025

Mathematics (Minor in Computing)

Nanyang Technological University

Exchange Student (GEM Trailblazer)

Aug 2023 - Dec 2023

Mathematical Sciences
