Security and Privacy Research at the University of Virginia

Our research seeks to empower individuals and organizations to control how their data is used. We use techniques from cryptography, programming languages, machine learning, operating systems, and other areas to both understand and improve the privacy and security of computing as practiced today, and as envisioned in the future. A major current focus is on adversarial machine learning.

SRG lunch
SRG Leap Day Lunch (29 February 2024)

We are part of the NSF AI Institute for Agent-based Cyber Threat Intelligence and Operation (ACTION) which seeks to change the way mission-critical systems are protected against sophisticated security threats. Collaboration with UC Santa Barbara (lead), Purdue, UC Berkeley, U Chicago, Georgia Tech, NSU, Rutgers, UIUC, UIC, UW, and WWU.
We are members of the NSF SaTC Frontier Center for Trustworthy Machine Learning (CTML) focused on developing a rigorous understanding of machine learning vulnerabilities and producing tools, metrics, and methods to mitigate them. Collabortion with the University of Wisconsin (lead), UC Berkeley, UC San Diego, and Stanford.
Active Projects

Inference Privacy
Security ML
Auditing ML Systems

Past Projects
Secure Multi-Party Computation
   Obliv-C · MightBeEvil

N-Variant Systems · Splint · More…

Recent Posts

Visit to University of Tennessee

Suya, LLM, auditing, David Evans

Had a great time visiting Professor Suya at the University of Tennessee, Knoxville.

I gave a talk (mostly on Hannah’s work, but also including some new work by Nia) in the Tennessee RobUst, Secure, and Trustworthy AI Seminar (TRUST-AI) organized by Suya:

EMNLP: Unsupervised Concept Vector Extraction for Bias Control in LLMs

LLM, Hannah Cyberey, Yangfeng Ji, activation steering, bias, fairness

Our paper on extracting concept vectors for LLMs was presented at the 2025 Conference on Empirical Methods in Natural Language Processing (EMNLP):

Steering “gender” concept in QWEN-1.8B, evaluated on an example from Winogenerated fill-in- the-blank task. Baseline shows the original probabilities with no steering applied.

University of Wisconsin Talk

censorship, fairness, talks, Wisconsin, Madison, David Evans

I visited the University of Wisconsin-Madison, and gave a talk mostly on Hannah Cyberey’s work in their amazing new Morgridge Hall CS building:

University of Wisconsin

Tilting the BobbyTables and Steering the CensorShip

Abstract: AI systems including Large Language Models (LLMs) increasingly influence human writing, thoughts, and actions, yet our ability to measure and control the behavior of these systems is inadequate. In this talk, I will describe some of the risks of uses of language models and ways to measure biases in LLMs. Then, I will advocate for measurement and control strategies that depend on analysis and manipulation of internal representations, and show how a simple inference-time intervention can be used to mitigate gender bias and control model censorship without degrading overall model utility.

Thanks to Patrick McDaniel for hosting a great visit!

AI Exchange Podcast

censorship, fairness, David Evans, Chirag Agarwal, podcast

I was a guest, together with Chirag Agarwal on the AI Exchange podcast hosted by Ryan Wright and Varun Korisapati:

AI Exchange @ UVA Podcast, Episode 4.

Topic: Trustworthy AI depends on ensuring security, privacy, fairness, and explainability.

Olsen Bicentennial Professor

Olsen Bicentennial Processor of Engineering, David Evans

I’m honored to have been elected the “Olsen Bicentennial Professor of Engineering”.

The appointment is in the 12 Septemember 2025 Board of Visitors minutes (page 13072):

RESOLVED, the actions relating to the chairholders are approved as shown below:
David E. Evans, as Olsen Bicentennial Professor of Engineering, for the periodAugust 25, 2025 through August 24, 2030. Evans will continue as Professor of Computer Science, without term.

The professorship was created by a gift from Greg Olsen in 2019 to celebrate the bicentennial of the University’s founding in 1819:

A $15 million endowment for Olsen Bicentennial Professorships, providing resources for UVA Engineering to recruit and retain leading scholars who will drive collaborative research, create knowledge and technologies to benefit humanity and cultivate an environment of educational innovation.

(From Elizabeth Thiel Mather and T.J. Zepp, Largest-Ever Gift to UVA Engineering will Support Teaching and Research Excellence, UVA Engineering News, November 2019.)

SRG Logo University of Virginia
Security Research Group

Team
   Prospective Students
   Awards
   Director: David Evans

Publications
   Videos

Recent News

Visit to University of Tennessee
EMNLP: Unsupervised Concept Vector Extraction for Bias Control in LLMs
University of Wisconsin Talk
AI Exchange Podcast
Olsen Bicentennial Professor
Congratulations, Dr. Cyberey!
TMLR: Inference-time Methods for LLM Reliability
Congratulations, Dr. Suri!
Steering the CensorShip
US v. Google
New Classes Explore Promise and Predicaments of Artificial Intelligence
Is Taiwan a Country?
Can we explain AI model outputs?
Une expérience immersive et enrichissante
Reassessing EMNLP 2024’s Best Paper: Does Divergence-Based Calibration for Membership Inference Attacks Hold Up?
Common Way To Test for Leaks in Large Language Models May Be Flawed
Meet Professor Suya!
Poisoning LLMs
The Mismeasure of Man and Models
Google's Trail of Crumbs
Technology: US authorities survey AI ecosystem through antitrust lens
John Guttag Birthday Celebration
Congratulations, Dr. Suri!
Graduation 2024
SaTML Talk: SoK: Pitfalls in Evaluating Black-Box Attacks

Older Posts
Posts by Tag
Posts by Category
Old Blog