Haoran Li 李浩然 Ph.D. Computer Science Hong Kong University of Science and Technology Contact: hlibt [at] connect [dot] ust [dot] hk University Center 101, Tower C, HKUST [Google Scholar] [CV]

About Me

I am currently a postdoc at HKUST supervised by Prof Yangqiu Song. I obtained my Computer Science Ph.D degree at the Hong Kong University of Science and Technology in 31 January, 2025. I am fortunate to be advised by Prof. Yangqiu Song during my Ph.D study. I obtained my B.S. degree, majoring in Computer Science and Math-CS track, from the Hong Kong University of Science and Technology in 2020.

I was an intern student in the LLM Alignment team at Minimax from July to November 2024. My task is to implement the insturction hierarchy for their models with enhanced robustness against prompt injection attacks. In addition, I was an intern student in the Toutiao AI Lab, Bytedance for NLP research during Summer of 2022.

My research interest is mainly about privacy studies in NLP that include:

• Privacy attacks and defenses on (Large) Language Models.
• Differential Privacy.
• Contextual Integrity.
I am currently the project manager of the Privacy Checklist Project. We aim to remove the Alignment Tax by building a powerful compliance reasoner for privacy and safety regulations to safeguard foundational models and their applications.
• Federated Learning.

I am fortunate to be selected for the Jockey Club STEM Early Career Research Fellowship for Translation and Application. I am grateful to the generous support from the Hong Kong Jockey Club Charities Trust.

Preprints

Haoran Li*, Xinyuan Zhao*, Dadi Guo*, Hanlin Gu, Ziqian Zeng, Yuxing Han, Yangqiu Song, Lixin Fan, Qiang Yang. Federated Domain-Specific Knowledge Transfer on Large Language Models Using Synthetic Data. 2024. [link]
Qi Hu, Weifeng Jiang, Haoran Li, Zihao Wang, Jiaxin Bai, Qianren Mao, Yangqiu Song, Lixin Fan, Jianxin Li FedCQA: Answering Complex Queries on Multi-Source Knowledge Graphs via Federated Learning. 2024. [link]
Haoran Li*, Yulin Chen*, Jinglong Luo*, Yan Kang, Xiaojin Zhang, Qi Hu, Chunkit Chan, Yangqiu Song. Privacy in Large Language Models: Attacks, Defenses and Future Directions. 2023. [link]

Selected Publications

	PrivaCI-Bench: Evaluating Privacy with Contextual Integrity and Legal Compliance Haoran Li*, Wenbin Hu*, Huihao Jing*, Yulin Chen, Qi Hu, Sirui Han, Tianshu Chu, Peizhao Hu, Yangqiu Song. To appear at ACL 2025. [ Code ] [ Paper ] We present PrivaCI-Bench, a comprehensive contextual privacy evaluation benchmark targeted at legal compliance to cover wellannotated privacy and safety regulations, real court cases, privacy policies, and synthetic data built from the official toolkit to study LLMs' privacy and safety compliance.
	Can Indirect Prompt Injection Attacks Be Detected and Removed? Yulin Chen, Haoran Li, Yuan Sui, Yufei He, Yue Liu, Yangqiu Song, Bryan Hooi. To appear at ACL 2025. [ Code (WIP) ] [ Paper ] In this paper, we investigate the feasibility of detecting and removing indirect prompt injection attacks, and we construct a benchmark dataset for evaluation. For detection, we assess the performance of existing LLMs and open-source detection models, and we further train detection models using our crafted training datasets. For removal, we evaluate two intuitive methods...
	Defense Against Prompt Injection Attack by Leveraging Attack Techniques Yulin Chen, Haoran Li, Zihao Zheng, Yangqiu Song, Dekai Wu, Bryan Hooi. To appear at ACL 2025. [ Code (WIP) ] [ Paper ] In this paper, we invert the intention of prompt injection methods to develop novel defense methods based on previous trainingfree attack methods, by repeating the attack process but with the original input instruction rather than the injected instruction.
	Privacy Checklist: Privacy Violation Detection Grounding on Contextual Integrity Theory Haoran Li*, Wei Fan*, Yulin Chen, Jiayang Cheng, Tianshu Chu, Xuebing Zhou, Peizhao Hu, Yangqiu Song. NAACL 2025 (Oral). [ Code ] [ Paper ] In this paper, we develop the first comprehensive checklist that covers social identities, private attributes, and existing privacy regulations.
	Simulate and Eliminate: Revoke Backdoors for Generative Large Language Models Haoran Li*, Yulin Chen*, Zihao Zheng, Qi Hu, Chunkit Chan, Heshan Liu, Yangqiu Song. AAAI 2025. [ Code ] [ Paper ] In this paper, we present Simulate and Eliminate (SANDE) to erase the undesired backdoored mappings for generative LLMs. Unlike other works that assume access to cleanly trained models, our safety-enhanced LLMs are able to revoke backdoors without any reference.
	GoldCoin: Grounding Large Language Models in Privacy Laws via Contextual Integrity Theory Wei Fan, Haoran Li*†, Zheye Deng, Weiqi Wang, Yangqiu Song († denotes the Corresponding Author). EMNLP 2024 Outstanding Paper Award. [ Code ] [ Paper ] In this paper, we introduce a novel framework, GOLDCOIN, designed to efficiently ground LLMs in privacy laws for judicial assessing privacy violations. Our framework leverages the theory of contextual integrity as a bridge, creating numerous synthetic scenarios grounded in relevant privacy statutes (e.g., HIPAA), to assist LLMs in comprehending the complex contexts for identifying privacy risks in the real world.
	PrivLM-Bench: A Multi-level Privacy Evaluation Benchmark for Language Models Haoran Li*, Dadi Guo*, Donghao Li*, Wei Fan, Qi Hu, Xin Liu, Chunkit Chan, Duanyi Yao, Yuan Yao, Yangqiu Song. ACL 2024 (Oral). [ Code ] [ Paper ] In this paper, we present PrivLM-Bench, a multi-perspective privacy evaluation benchmark to empirically and intuitively quantify the privacy leakage of LMs. Instead of only reporting DP parameters, PrivLM-Bench sheds light on the neglected inference data privacy during actual usage. In addition, we integrate PEFT into PrivLM-Bench.
	Privacy-Preserving Neural Graph Databases Qi Hu, Haoran Li, Jiaxin Bai, Yangqiu Song. KDD 2024. [ Code ] [ Paper ] The usage of neural embedding storage and Complex neural logical Query Answering (CQA) provides NGDBs with generalization ability. When the graph is incomplete, by extracting latent patterns and representations, neural graph databases can fill gaps in the graph structure, revealing hidden relationships and enabling accurate query answering.
	Multi-step Jailbreaking Privacy Attacks on ChatGPT Haoran Li*, Dadi Guo*, Wei Fan, Mingshi Xu, Jie Huang, Fanpu Meng, Yangqiu Song Findings of EMNLP 2023 [ Code ] [ Paper ] In this paper, we study the privacy threats from OpenAI's model APIs and New Bing enhanced by ChatGPT and show that application-integrated LLMs may cause more severe privacy threats ever than before.
	Sentence Embedding Leaks More Information than You Expect: Generative Embedding Inversion Attack to Recover the Whole Sentence Haoran Li, Mingshi Xu, Yangqiu Song Findings of ACL 2023 [ Code ] [ Paper ] In this work, we further investigate the information leakage issue and propose a generative embedding inversion attack (GEIA) that aims to reconstruct input sequences based only on their sentence embeddings.
	You Don't Know My Favorite Color: Preventing Dialogue Representations from Revealing Speakers' Private Personas Haoran Li, Yangqiu Song, Lixin Fan NAACL 2022 (Oral) [ Code ] [ Paper ] We investigate the privacy leakage of the hidden states of chatbots trained by language modeling which has not been well studied yet. We show that speakers' personas can be inferred through a simple neural network with high accuracy. To this end, we propose effective defense objectives to protect persona leakage from hidden states.
	FedAssistant: Dialog Agents with Two-side Modeling Haoran Li*, Ying Su*, Qi Hu, Jiaxin Bai, Yilun Jin, Yangqiu Song FL-IJCAI'22 [ Code ] ] [ Paper ] We propose a framework named FedAssistant to training neural dialog systems in a federated learning setting. Our framework can be trained on multiple data owners with no raw data leakage during the process of training and inference. (Code and paper will appear later.)
	Differentially Private Federated Knowledge Graphs Embedding Hao Peng*, Haoran Li*, Yangqiu Song, Vincent Zheng, Jianxin Li CIKM 2021 (Oral) [ Code ] [ Paper ] We propose a novel decentralized scalable learning framework, Federated Knowledge Graphs Embedding (FKGE), where embeddings from different knowledge graphs can be learnt in an asynchronous and peer-to-peer manner while being privacy-preserving.
	Self-supervised Dance Video Synthesis Conditioned on Music Xuanchi Ren, Haoran Li, Zijian Huang, Qifeng Chen ACM International Conference on Multimedia (ACM MM), 2020 (Oral) [ Code ] [ Paper ] Undergraduate Final Year Project.

Academic Services

Frequent Reviewer at ARR Rolling Review

Reviewer at KDD 2023, KDD 2024

Reviewer at NIPS 2024

Reviewer at ICLR 2025

Reviewer at AAAI 2025

Teaching

Teaching Assistant Coordinator (TAC) of Computer Science and Engineering at HKUST, 2023-2024.
Teaching Assistant of COMP4332/RMBI4310 Big Data Mining at HKUST (Spring 2021, 2022).
Teaching Assistant of COMP2011 Programming with C++ at HKUST (Fall 2022). Last updated: May/16/2025
This web template comes from my buddy Zhenmei Shi, a talented guy in Math and machine learning. Thank little Mei for the beautiful template!