Xiaowei Huang — University of Liverpool

I am Professor of Computer Science at the University of Liverpool. Prior to Liverpool, I worked at the University of Oxford and the University of New South Wales in Australia. I am the Head of Artificial Intelligence for the School of Computer Science and Informatics, and prior to this, I was on the role of school research lead of the School of Electronic Engineering, Electronics, and Computer Science.

I founded the Trustworthy Autonomous Cyber-Physical Systems (TACPS) Laboratory, now located at the Digital Innovation Facility (DIF). Our mission: every AI system deployed in a safety-critical setting should come with a certification guarantee.

Research Interests

I work on making AI systems certifiably safe — developing the theory, algorithms, and tools needed so that neural networks, large language models, and autonomous agents can be deployed in safety-critical settings with provable guarantees. My group has been at the forefront of this field since publishing one of the first DNN verification algorithms (DLV, CAV 2017), and our work now spans the full certification stack from formal verification through to runtime assurance. I am the author of the textbook Machine Learning Safety (Springer, 2023; 61,000+ accesses as of April 2026), coordinator of the €9.3M EU Horizon project RobustifAI, and have co-chaired the AISafety@IJCAI and SafeAI@AAAI workshop series every year since 2019 — among the longest-running dedicated AI safety workshops at top AI conferences. My publications have received over 8,800 citations as of April 2026 (Google Scholar).

Our research programme has progressed through four paradigms, each addressing limitations of the previous one:

Formal verification and testing — We pioneered SMT-based verification of deep neural networks and developed concolic testing tools (DeepConcolic) and structural coverage criteria, establishing software-engineering-grade assurance for neural networks and learning-enabled autonomous systems.
Scalable robustness guarantees — To move beyond NP-hard exact verification, we developed tighter PAC-Bayesian generalisation bounds, then shifted to distribution-free methods — conformal prediction and randomised smoothing — that provide per-input certificates scaling to production models.
Safety of foundation models and AI agents — We are extending certification to the GenAI era: guardrail construction for LLMs, machine unlearning (FALCON), rare-event safety estimation, deepfake detection (SIDA), and analysing emergent risks such as multi-agent collusion and reasoning failures in LLMs and VLMs.
Safety assurance and deployment — We build end-to-end safety cases integrating testing, verification, runtime monitoring, and hazard analysis — validated on real systems including an autonomous underwater vehicle (SOLITUDE project, Dstl).

Earlier work on logic-based reasoning — strategic logics, model checking, and epistemic reasoning in multi-agent systems — provides the formal foundations that underpin our specification languages for learning-enabled components.

A walk-through of our research programme is available in these research overview slides.

I co-organise the Turing interest group on Neuro-Symbolic AI and contribute to standards bodies including SAE G-34/EUROCAE WG-114 (aviation AI). Our group alumni now hold faculty and research positions at Exeter, Imperial College London, Southampton, Warwick, Manchester, MBZUAI, and other institutions worldwide. I am a senior member of IEEE.

The research has been funded by EPSRC, European Commission, Dstl, Innovate UK, the Alan Turing Institute, the UK AI Security Institute, etc. I have been the PI (or Liverpool PI) for projects valued more than £10M, and co-I for more than £20M. Some brief information can be found here.

I led a team that won the UK-US privacy-enhancing technologies prize challenges at the first stage and a special recognition prize on "Novel Modelling/Design" at the second stage.

Book "Machine Learning Safety" has been published by Springer.

Major Ongoing Projects

RobustifAI — €9.3M EU Horizon Europe · 18 Partners · 11 Countries · 2025–2028

Robustifying Generative AI through Human-Centric Integration of Neural and Symbolic Methods. Coordinated by Liverpool, with industry partners Collins Aerospace, Siemens, and Thales, and universities including Hebrew University (Katz), TU Wien, Chalmers, and others.

Three innovation axes: Neural-Symbolic Methods (combining logic/formal verification with ML for next-generation GenAI), Adaptiveness (introspection for hallucination detection and distribution shift), and Human Centricity (diverse stakeholders engaged throughout the lifecycle). Three use cases: autonomous driving (operational robustness), service robotics for patient care (user robustness), and cybersecurity SOC (technical robustness).

The Alignment Project

Funded through the Alignment Project, led by the UK AI Security Institute with EPSRC as a coalition partner, focusing on the development of rare-event estimation algorithms with targeted applications on AI agents with respect to jailbreaks and social deceptive behaviours.

Our research has spanned all stages of a full-stack safety case — testing, verification, safety assurance, and runtime monitoring. These have been validated in the SOLITUDE project (Dstl, 2020–2022) on an autonomous underwater vehicle, covering both simulated and physical executions in a controlled environment.

Open-Source Tools

We develop and maintain widely used safety verification and testing tools, including DLV (one of the first SMT-based DNN verifiers), DeepConcolic (concolic testing for DNNs), TrustAI (a suite of robustness analysis tools), and testRNN (coverage-guided testing for recurrent networks).

The following are a few video demos of our research:

For Prospective Students

I am always looking for PhD students with strong motivation to actively participate in research. There are a few possible ways of receiving a scholarship, for example:

A few Centres for Doctoral Training (CDTs) at Liverpool, including e.g., CDT for Distributed Algorithm
CSC-Liverpool scholarship, which usually has a deadline at the beginning of a year
Sir Joseph Rotblat Alumni Scholarship
Duncan Norman Scholarship
Other scholarship opportunities available at Liverpool

If you have other means of supporting your study, you are also welcomed to get in touch.

New Open Positions

We regularly have openings for postdocs and PhD students. Please check back or get in touch if you are interested.

Workshop Organisation

(08/2026) Co-organising the RobustifAI Workshop: Robustifying Generative AI for Reliable, Safe, and Human-Centric Systems at IJCAI-ECAI 2026, Bremen, Germany (15–17 August 2026). Please submit your papers through the Call for Papers page (deadline: 8 May 2026).
(06/2025) Co-organised the workshop "Workshop on General-Purpose AI: Prospects and Risks" at Liverpool, as part of the EPSRC project EnnCORE.
(12/2025) Co-organised the Interdisciplinary Workshop on Machine Learning and AI at the University of Liverpool.

Past workshops (2018–2022) ▸

(11/2022) SafeAI workshop at AAAI2022. SafeAI Workshop Website
(09/2021) Workshop "Safety Assurance for Deep Learning in Underwater Robotics" (website), SOLITUDE Project Resources
(05/2021) AISafety workshop at IJCAI2021. AISafety Website
(08/2020) SafeAI workshop at AAAI2021.
(03/2020) AISafety workshop at IJCAI2020.
(08/2019) SafeAI workshop at AAAI2020.
(08/2019) Workshop AI&FM2019 at ICFEM2019.
(02/2019) SafeAI workshop at IJCAI2019. Website
(08/2018) AAAI workshop on AI safety. Website

Recent News

(04/2026) Two papers accepted to ACL2026. Congratulations to Jinwei and Boxuan, and other co-authors.
(01/2026) One paper accepted to ICLR2026. Congratulations to Xinmiao and other co-authors.
(11/2025) Two papers accepted to AAAI2026.
(09/2025) Two papers accepted to NeurIPS2025, and one paper to EMNLP2025.
(09/2025) Gave a keynote talk on "my road to trustworthy AI" to WAISE2025.
(09/2025) Delivered a mini-course on "Techniques for Certifying Robustness in Modern Neural Networks" at the "Summer School on Artificial Intelligence and Cybersecurity", TU Wien, Austria.
(07/2025) Workshop on GenAI, "Workshop on General-Purpose AI: Prospects and Risks", at Liverpool, as part of the EPSRC project EnnCORE.
(01/2025) Started a new EU Horizon project, RobustifAI, as the coordinator. See the EU announcement.
(12/2024) Five papers accepted to AAAI2025.
(09/2024) One paper accepted to NeurIPS2024, congratulations to Zhen.
(08/2024) Contributions to discussions on Media: Privacy-Preserving Federated Learning – Future Challenges and Opportunities, Implementation Challenges in Privacy-Preserving Federated Learning and Beware of Botshit: How Researchers Hope to Fix AI's BS Issue
(07/2024) Two papers accepted to ECCV2024 and one paper to IROS2024.
(06/2024) Our survey paper "A Survey of Safety and Trustworthiness of Large Language Models through the Lens of Verification and Validation" has been accepted to the journal of Artificial Intelligence Review.
(05/2024) One paper accepted by ICML2024 on "Building Guardrails for Large Language Models". Congrats to Yi, Ronghui, and other co-authors.
(03/2024) One paper accepted by CVPR2024 on "Towards Fairness-Aware Adversarial Learning". Congrats to Yanghao, and other co-authors.
(02/2024) An AKT project funded: Utilising generative AI, specifically large language models (LLMs) for the searching of technical documentation in a cyber-secure environment, with Dr Ronghui Mu, to work with Leonardo UK.
(02/2024) Two projects funded: A literature review on "Safeguarding LLMs" (PI: Dr Yi Dong), and An Ethical and Robust AI Development Framework: Assessing Correctness and Detecting Fakes (PI: Dr Guangliang Cheng).
(01/2024) Two papers accepted by journals. "Privacy-Preserving Distributed Learning for Residential Short-Term Load Forecasting" will be published by IEEE Internet of Things, and "Reachability Verification-Based Reliability Assessment for Deep Reinforcement Learning Controlled Robotics and Autonomous Systems" will be published by RA-L.

Older news (2020–2023) ▸

(12/2023) Three papers were accepted to AAAI-24. Congratulations to Zihao, Ronghui, Sihao, and all other co-authors.
(10/2023) We won an Alan Turing project "CRoCS: Certified Robust and Scalable Autonomous Operation in Cyber Space".
(08/2023) Our paper "Hierarchical Distribution-Aware Testing of Deep Learning" is accepted by ACM Transactions on Software Engineering and Methodology.
(07/2023) One paper accepted to ACM MM 2023.
(07/2023) Paper "SAFARI: Versatile and Efficient Evaluations for Robustness of Interpretability" accepted to ICCV2023.
(02/2023) Paper "Randomized Adversarial Training via Taylor Expansion" accepted to CVPR2023.
(01/2023) Paper "Decentralised and Cooperative Control of Multi-Robot Systems through Distributed Optimisation" accepted to AAMAS2023.
(12/2022) Textbook "Machine Learning Safety" published by Springer.
(11/2022) Paper "Towards Verifying the Geometric Robustness of Large-scale Neural Networks" accepted to AAAI2023.
(10/2022) Start co-organising Turing interest group on Neuro-symbolic AI.
(10/2022) Awarded a project on UK and US governments launched challenge on privacy-enhancing technologies (PETs).
(07/2022) Paper "Adversarial Label Poisoning Attack on Graph Neural Networks via Label Propagation" accepted to ECCV2022.
(06/2022) Two papers accepted to IROS 2022.
(03/2022) Paper on "enhancing adversarial training with second order statistics of weights" accepted to CVPR2022.
(10/2021) Congratulations to Yanda, who has three papers published at ICCV2021, IEEE Trans. Medical Imaging, and MICCAI2021.
(08/2021) Delivered a tutorial to IJCAI'2021 on "Towards Robust Deep Learning Models: Verification, Falsification, and Rectification".
(07/2021) One paper accepted by ICCV2021.
(07/2021) Paper "Embedding and Synthesis of Knowledge in Tree Ensemble Classifiers" accepted by Machine Learning journal.
(05/2021) Paper "BayLIME: Bayesian Local Interpretable Model-Agnostic Explanations" accepted to UAI2021.
(05/2021) Paper "Coverage Guided Testing for Recurrent Neural Networks" accepted to IEEE Trans. Reliability.
(10/2020) Started a new project "SOLITUDE: Safety Argument for Learning-enabled Autonomous Underwater Vehicles."
(09/2020) Paper "How does Weight Correlation Affect Generalisation Ability of Deep Neural Networks?" accepted to NeurIPS2020.
(08/2020) Paper "PRODEEP: a platform for robustness verification of deep neural networks" accepted to ESEC/FSE2020.
(07/2020) Two papers accepted to ECCV2020.
(06/2020) Paper "Practical Verification of Neural Network Enabled State Estimation System for Robotics" accepted to IROS2020.
(05/2020) Survey paper "A Survey of Safety and Trustworthiness of Deep Neural Networks" accepted to Computer Science Survey.

Teaching for this semester

Semester 1, Undergraduate, Second Year. Advanced Artificial Intelligence.
Teaching materials available at AI Safety Lecture Notes

Below are the research directions we have fostered over the past years. We use [Journal Name, Year] to denote a journal publication and [ConferenceAbbreviation+Year] to denote a conference paper.

Research Programme: From Formal Verification to GenAI Safety

Over the past decade, our work has progressed through four paradigms — each building on the limitations discovered in the previous one — in pursuit of suitable yet provable guarantees for AI safety.

Act I

Formal Verification

SMT-based DNN verification (DLV, CAV 2017). The gold standard — but NP-hard and doesn't scale to production networks.

Act II

Tightening Bounds

PAC-Bayesian bounds via weight correlation, spectral norms, and Taylor expansion. Tighter, but still loose for large models.

Act III

Statistical Guarantees

Conformal prediction and randomised smoothing — distribution-free, per-input certificates that scale. The practical sweet spot.

Act IV

GenAI Safety

Extending certification to LLMs, VLMs, diffusion models, and AI agents. Rare-event estimation, guardrails, and layered safety.

See the full narrative in our research overview slides.

The detailed research directions below map onto this progression:

(a) Surveys, Textbook, and Foundations

We published a textbook [Machine Learning Safety, Springer 2023], providing a comprehensive treatment of safety across machine learning algorithms.
We have produced several surveys covering DNN safety [Computer Survey Review, 2020], adversarial robustness [CIKM2021], verification and validation for robotics [Robotics, 2021] and multiagent systems [AI Communications, 2022], LLM safety [Artificial Intelligence Review, 2024] [Artificial Intelligence Review, 2025], and diffusion model trustworthiness [Information Fusion, 2026] [Computer Science Review, 2026].
We formalise specifications for ML vulnerabilities [ICFEM2022], published in full in [JLAMP, 2024].

References: [Information Fusion, 2026], [Computer Science Review, 2026], [Artificial Intelligence Review, 2025], [Artificial Intelligence Review, 2024], [JLAMP, 2024], [Machine Learning Safety, Springer 2023], [ICFEM2022], [AI Communications, 2022], [CIKM2021], [Robotics, 2021], [Computer Survey Review, 2020]

(b) Formal Verification of Neural Networks and Learning-Enabled Systems

We are among the first to apply SMT-based verification to deep neural networks [CAV2017], further developed via game-based search [TACAS2018] [Theoretical Computer Sciences, 2020], global optimisation [IJCAI2018a] [IJCAI2019] [AAAI2023] [AAAI-2025b], and symbolic propagation [SAS2019] [FSE2020] [Formal Aspect of Computing, 2021]. We also consider statistical verification [ICANN2021].
Beyond CNNs, we verify recurrent neural networks [PAKDD2023] and deep reinforcement learning [IEEE RA-L, 2023b] [RA-L, 2024]. For learning-enabled systems, we develop verification algorithms for autonomous systems with temporal behaviour [IROS2022a], state estimation systems [IROS2020], and both robustness and resilience [Neurocomputing, 2024].
We train verification-friendly neural networks whose structure makes verification tractable [AAAI-2025a], and develop provable patch repair that guarantees local robustness without modifying the original network [ICSE2025].
We extend verification to large foundational models, including stable diffusion [ECCV2024-a].

References: [ICSE2025], [AAAI-2025b], [AAAI-2025a], [ECCV2024-a], [Neurocomputing, 2024], [RA-L, 2024], [AAAI2023], [IEEE RA-L, 2023b], [PAKDD2023], [IROS2022a], [Formal Aspect of Computing, 2021], [ICANN2021], [Theoretical Computer Sciences, 2020], [FSE2020], [IROS2020], [IJCAI2019], [SAS2019], [TACAS2018], [IJCAI2018a], [CAV2017]

(c) Testing, Falsification, and Evaluation

In parallel with DeepXplore, we adapt software testing methods to neural networks via concolic testing [ASE2018] [ICSE2019a] with structural coverage criteria [ACM TECS, 2019] [ICSE2019b], extended to RNNs [IEEE Trans. Reliability, 2022] and LLMs [ACL2023] [AAAI-24].
We develop methods for distribution-aware adversarial testing [ACM TOSEM, 2023], universal adversarial attacks [ICDM2020] [Machine Learning, 2023], poisoning attacks [Machine Learning, 2021], attacks on GNNs [ECCV2022], and imperceptible black-box textual adversarial perturbations (SCALA) [IEEE T-IFS, 2025].
We study rigorous evaluation including the balance between robustness and privacy [NeurIPS2024], the limits of adversarial defences in personalised diffusion models [AAAI2026b], and testing of complex systems such as a vehicle tracking system [ICRA2020].

References: [AAAI2026b], [NeurIPS2024], [ACM TOSEM, 2023], [Machine Learning, 2023], [IEEE Trans. Reliability, 2022], [ECCV2022], [Machine Learning, 2021], [ICDM2020], [ICRA2020], [ICSE2019a], [ICSE2019b], [ACM TECS, 2019], [ASE2018], [ACL2023], [AAAI-24]

(d) Robustness Enhancement, Training-Time Guarantees, and Other Properties

We study weight correlation and its effect on generalisation [NeurIPS2020], and use it to interpret dropout [TMLR, 2022]. We enhance adversarial training through second-order statistics (S²O) [CVPR2022] [IEEE TPAMI, 2025], Taylor expansion [CVPR2023], invariant representation-label correlation [IEEE T-IFS, 2025], fairness-aware adversarial learning [CVPR2024] [ICLR2025], and graph subspace energy for GNNs [IEEE TIFS, 2026].
We extend randomised smoothing to RL cumulative rewards [AAAI2024b] and cooperative multi-agent RL [AAAI2023], and apply conformal prediction to image retrieval with provable coverage [AAAI-2025c].
We develop uncertainty estimation for 3D dense prediction [IEEE RA-L, 2023a], place recognition [IROS2022b], and semi-supervised crowd counting [ICCV2021], and adversarial robustness for goal-conditioned RL [AAAI2024c].
We propose explainable AI methods via fault localisation [ECCV2020a], Bayesian enhancement (BayLIME) [UAI2021], and study the interaction between XAI and robustness [ICCV2023].
We also study energy efficiency via spiking neural networks [Frontier in Neuroscience, 2022] [Frontier in Neuroscience, 2024] and privacy-preserving distributed learning [IEEE Internet of Things, 2024].

References: [IEEE TIFS, 2026], [IEEE T-IFS, 2025], [AAAI-2025c], [CVPR2024], [AAAI2024b], [AAAI2024c], [IEEE Internet of Things, 2024], [Frontier in Neuroscience, 2024], [CVPR2023], [ICCV2023], [IEEE RA-L, 2023a], [AAAI2023], [TMLR, 2022], [CVPR2022], [Frontier in Neuroscience, 2022], [IROS2022b], [ICCV2021], [UAI2021], [ECCV2020a], [NeurIPS2020]

(e) Safety Assurance and Runtime Monitoring

We are among the first to enhance existing safety assurance approaches for ML components, developing a general framework [SafeCOMP2020] with operational profiles [DSN2021], robustness evaluation [ACM TOSEM, 2023], and hazard analysis [ITSC2023], applied to underwater vehicles [ACM TECS, 2023]. We also combine LLMs with Systems-Theoretic Process Analysis (STPA) to automate hazard identification [PRICAI2025].
For runtime monitoring, we detect failures via uncertainty estimation [IROS2022b] [IEEE RA-L, 2023a], construct symbolic monitors from hidden layers [IROS2024], evaluate OoD monitors [ICASSP2025], and mitigate hallucinated detections in YOLO-based systems [IROS2025].

References: [IROS2025], [ICASSP2025], [IROS2024], [ACM TOSEM, 2023], [ACM TECS, 2023], [ITSC2023], [IEEE RA-L, 2023a], [IROS2022b], [DSN2021], [ICCV2021], [SafeCOMP2020]

(f) Foundation Models and AI Agents

We investigate LLM capabilities and limitations, including mathematical reasoning [AAAI2024a] [ACL2023] [ICLR2025] and collaboration with human experts in safety analysis [ArXiv, 2023b].
We build guardrails for foundation models [ICML2024] and develop machine unlearning to remove hazardous knowledge while preserving capability [NeurIPS2025].
We propose training-free adaptation of programmatic agents via LLM-guided program synthesis [AAAI2026a] and introduce a novel threat of cognitive collusion where colluding agents steer victim beliefs using only truthful evidence fragments [ACL2026a].
We develop the Alignment Score for evaluating chain-of-thought reasoning coherence [ACL2026b] and Spatial-DISE for evaluating spatial reasoning in vision-language models [ICLR2026].
We address deepfake detection with joint detection, localisation, and explanation [CVPR2025] and study the limitations of adversarial defences in personalised text-to-image generation [AAAI2026b].

References: [ACL2026a], [ACL2026b], [ICLR2026], [AAAI2026a], [AAAI2026b], [CVPR2025], [NeurIPS2025], [ICML2024], [Artificial Intelligence Review, 2024], [AAAI2024a], [ACL2023], [ArXiv, 2023b]

(g) Applications of AI

We conduct research on AI applications including medical imaging [BMVC2021], [IEEE Trans. Medical Imaging, 2021], [ECCV2020b], [MICCAI2020], driving manoeuvres [IROS2019], person re-identification [Pattern Recognition, 2022], multiagent decentralised control [AAMAS2023], transportation counting [IEEE Trans. ITS, 2023], general game playing [KR2022], [AAMAS2022], and geometry problems [ACMMM2023].
More recent application contributions include zero-shot learning via diffusion-enhanced visual-semantic correlation (ZeroDiff) [ICLR2025], interactive segmentation [Pattern Recognition, 2026a], few-shot class-incremental learning [Pattern Recognition, 2026b], weakly supervised semantic segmentation via contrastive prompt clustering [Expert Systems with Applications, 2026], and transfer learning for airborne multi-spectral image classification [Signal Processing, 2026].

References: [Pattern Recognition, 2026a], [Pattern Recognition, 2026b], [Expert Systems with Applications, 2026], [Signal Processing, 2026], [AAMAS2023], [ACMMM2023], [IEEE Trans. ITS, 2023], [Pattern Recognition, 2022], [KR2022], [AAMAS2022], [BMVC2021], [IEEE Trans. Medical Imaging, 2021], [ECCV2020b], [MICCAI2020], [IROS2019]

(h) Logic-Based Reasoning and Specification

We have made many contributions to logic reasoning in multiagent systems concerning strategy and knowledge, including strategic logics [KR2014], [ACM TOCL, 2018], their model checking complexity [ECAI2010], [IJCAI2015], and symbolic model checking algorithms [AAAI2014], [TACAS2014], [Artificial Intelligence, 2015], [AAMAS2013c], [AAMAS2010]. We also formalise several key concepts including diagnosability [AAMAS2013b], reconfigurability [IJCAI2016a], correlated equilibrium [IJCAI2017], normative multiagent systems [IJCAI2016b], and agent communications [AAAI2016b].
We also work with probabilistic systems, concerning probabilistic logics [AAAI2012a], [AAMAS2013a], their model checking [AAAI2016a], [TARK2011], [IJCAI2018b]. We propose a logic for reasoning about cognitive trust [AAAI2017], [ACM TOCL, 2019].
We also consider verification of other systems including battery prognostics [SEFM2019], pursuit-evasion games [IJCAI2011], [AAAI2012b].
We start looking into specification languages for learning-enabled systems [ICFEM2022], published in full in [JLAMP, 2024].

References: [JLAMP, 2024], [ICFEM2022], [ACM TOCL, 2019], [ACM TOCL, 2018], [IJCAI2018b], [AAAI2017], [IJCAI2017], [AAAI2016a], [AAAI2016b], [IJCAI2016a], [IJCAI2016b], [Artificial Intelligence, 2015], [IJCAI2015], [TACAS2014], [AAAI2014], [KR2014], [AAMAS2013a], [AAMAS2013b], [AAMAS2013c], [AAAI2012a], [AAAI2012b], [IJCAI2011], [AAMAS2010], [ECAI2010]

Open-Source Tools & Software

These aren't just papers — they are open-source tools used by other research groups. All available at github.com/TrustAI.

DLV

DNN verification via SMT. Layer-by-layer exhaustive search for adversarial examples. Foundational tool from our CAV 2017 paper (970+ citations).

DeepConcolic

Concolic testing for DNNs. Structural coverage criteria (neuron, condition, MC/DC), distribution-aware adversarial testing. Extended to RNNs, GNNs, and LLMs.

TrustAI

Open-source toolkit for safety and trustworthiness of deep learning systems. Includes DeepGame, L0-TRE, and other tools from published papers.

MCK

Model checker for verifying autonomous multiagent systems, with support for epistemic and strategic reasoning.

Publications

Google Scholar | dblp

TrustAI: Tool Demos

DeepConcolic (Github repository)

Related Publications:

Testing Deep Neural Networks. arXiv
Concolic testing for deep neural networks. ASE2018
DeepConcolic: testing and debugging deep neural networks. ICSE2019
Structural Test Coverage Criteria for Deep Neural Networks. ACM TECS

Reliability validation of a learning-enabled dynamic tracking system (Github repository)

Related Publications:

Reliability Validation of Learning Enabled Vehicle Tracking. arXiv

PRODeep: a platform for robustness verification of deep neural networks

testRNN (Github repository)

Related Publications:

Test Metrics for Recurrent Neural Networks. arXiv

Recent Invited Talks, Seminars, and Panel Discussions

(09/2025) Keynote talk on "my road to trustworthy AI" at WAISE2025.
(09/2025) Mini-course on "Techniques for Certifying Robustness in Modern Neural Networks" at the "Summer School on Artificial Intelligence and Cybersecurity", TU Wien, Vienna, Austria.
(10/2022) Invited talk to ICFEM2022. slides.
(06/2022) Invited talk on "Is Deep Learning Certifiable at all?" to TAI-RM2022 workshop and to the SAE G-34/EUROCAE WG-114 Technical Talk.
(03/2022) Talk at Université Grenoble Alpes on "Machine Learning Safety (and Security)"
(08/2021) Tutorial at IJCAI'2021 on "Towards Robust Deep Learning Models: Verification, Falsification, and Rectification". Website.
(05/2021) Talk to the Center For Perspicuous Computing (CEPC) colloquium.
(05/2021) Talk on "safety and reliability of deep learning" to VARS'20.
(08/2020) Lectures on verification of neural networks at Summer School Marktoberdorf 2020.
(05/2020) Invited talk at University of Exeter.
(03/2020) Invited talk at MMB2020 on "Safety Certification of Deep Learning".
(04/2019) Talk to Liverpool Early Career Researcher Conference on Data Science, Machine Learning and AI.
(09/2018) Talk at Nanjing University. slides.
(07/2018) Talk at Imperial College. slides.
(04/2018) Invited talk at ETAPS workshop FOMLAS2018 on "Verification and Testing of Deep Learning".
(01/2018) Invited panel discussion at ERTS 2018, Toulouse, France.
(04/2018) Invited talk at ETAPS 2018, Thessaloniki, Greece.
(01/2018) Invited talk and panelist at SciTech2018, AIAA.
(12/2017) Invited talk on Verification of Robotics and Autonomous Systems, Beijing. slides.
(09/2017) Invited talk to AVM2017, Visegrad, Hungary. slides.
(11/2015) Talk on "Reasoning About Trust in Autonomous Multiagent Systems", University of Oxford.

Funding & Grants

Robustifying Generative AI through Human-Centric Integration of Neural and Symbolic Methods

Role: PI · EU Horizon · 2025–2028 · More Info · Website

Rare Event Estimation Algorithms for AI Agents

Role: PI · The Alignment Project (UK AI Security Institute / EPSRC) · 2026–2027

ARRES FORECAST: an AI-driven platform to predict road defect evolution

Role: PI (with Robotiz3D) · Innovate UK · 2024–2025 · More Info

Utilising generative AI (LLMs) for searching technical documentation in a cyber-secure environment

Role: PI (with Ronghui Mu) · AKT funded · 2024 · More Info

An Ethical and Robust AI Development Framework: Assessing Correctness and Detecting Fakes

Role: Co-I (PI: Dr Guangliang Cheng) · DSO funded · 2024–2025 · More Info

A literature review on "Safeguarding LLMs"

Role: Co-I (PI: Dr Yi Dong, with Dr Ronghui Mu) · Alan Turing funded · 2024 · More Info

CRoCS: Certified Robust and Scalable Autonomous Operation in Cyber Space

Role: PI (with Alan Marshall, Valerio Selis, Ronghui Mu) · Alan Turing Institute · 2023–2024 · More Info

SPACE: fully decentralised distributed learning for tradeoff of privacy, accuracy, communication complexity, and efficiency

Role: PI (with Xingyu Zhao, Yi Dong) · Innovate UK · 2022–2023 · More Info

SOLITUDE: Safety Argument for Learning-enabled Autonomous Underwater Vehicles

Role: PI (with Xingyu Zhao, Simon Maskell, Sven Schewe, Sen Wang) · Dstl · 2020–2022 · More Info

FOCETA — Foundations for Continuous Engineering of Trustworthy Autonomy

Role: Liverpool lead (with Sven Schewe) · EU H2020 · 2020–2023 · More Info

EnnCore: End-to-End Conceptual Guarding of Neural Architectures

Role: Liverpool lead · EPSRC · 2021–2024 · More Info

MBDA & WSTC project on "Adaptive & reactive mission execution"

Role: PI (with Jason Ralph, Simon Maskell) · 2019–2020

Dstl PhD studentship on "Statistical Approach to Assess the Trustworthiness of Robotics and AI"

Role: PI · 2020–2024

Test Coverage Metrics for Artificial Intelligence — v2.0

Role: PI (with Simon Maskell, Sven Schewe) · Dstl · 2019–2021 · More Info

Test Coverage Metrics for Artificial Intelligence

Role: PI (with Simon Maskell, Sven Schewe, Daniel Kroening) · Dstl · 2018–2019 · More Info

EPSRC ORCA (Offshore Robotics for Certification of Asset) Hub

Co-I (PI at Liverpool: Michael Fisher, with Mike Jump) · EPSRC · 2017–2021

EPSRC 2018 Vacation Bursary Programme project

Role: PI · 2018

KTP Project with Kadfire

Role: Co-I · 2017–2019

Lockey Grant, Oxford University

Role: PI · 2015

Community Leadership

Workshops — Co-chairing AISafety@IJCAI and SafeAI@AAAI every year since 2019
Turing Interest Group — Co-organising Neuro-Symbolic AI at the Alan Turing Institute
Standards — SAE G-34/EUROCAE WG-114 (aviation AI)
Major Consortium — Coordinating RobustifAI (EU Horizon, €9.3M, 18 partners, 11 countries)
Textbook — Machine Learning Safety (Springer, 2023): 61,000+ accesses as of April 2026, used in courses worldwide
UK-US PETs Prize — Stage 1 winner; "Novel Modelling/Design" special recognition at Stage 2

Program Committee Memberships

ECAI 2020
AITest2020
HCML2019 at NeurIPS2019
SPML19 at ICML2019
AdvMLCV2019 at CVPR2019
SafeML2019 at ICLR2019
DebugML-19 at ICLR2019
AAMAS 2019, 2020
AAAI 2019 workshop on Safe Artificial Intelligence (co-chair)
NIPS 2018 workshop on security in machine learning
AAAI 2018, 2019, 2020
IEEE FMI 2018, 2019
IJCAI 2018, 2019, 2020
KR 2016
PRIMA 2015, 2016, 2017, 2018

Key Departmental Administrative Roles

Undergraduate Admission Tutor
REF review panel member

Open Positions

Please check the Home tab for current openings. We have funded positions via RobustifAI (EU Horizon) and AISI (EPSRC).

Alumni Destinations

Our 10+ PhD graduates and postdocs now hold faculty and research positions at Exeter, Southampton, Warwick, Manchester, Imperial College London, MBZUAI, Purple Mountain Laboratories, and other institutions worldwide.

Postdocs / Graduate Research Associates

Dr Yingjie Wang 2025 –
Dr Rajarshi Roy 2025 –
Mr Tianle Zhang 2023–2024
Dr Yanghao Zhang 2022–2024, now postdoc at Imperial College London
Dr Ronghui Mu 2023–2024, now permanent lecturer at University of Exeter
Dr Qiyi Tang 2021–2022, now permanent lecturer at University of Liverpool
Dr Yi Dong 2021–2023, now permanent at University of Southampton
Dr Xingyu Zhao 2021, now permanent at University of Warwick
Dr Nicolas Berthier 2019–2021
Dr Youcheng Sun 2018–2019, now permanent at University of Manchester

PhD Students (Primary Supervisor)

If you are interested in doing a PhD in relevant research areas with me, please feel free to contact me. University of Liverpool has a set of established scholarship schemes, including Liverpool CSC award and Sir Joseph Rotblat Alumni Scholarship.

Mr Qigong He 2025 –
Ms Amal Alotaibi 2025 –
Ms Yifan Su 01/2025 –
Mr Xinmiao Huang
Neural-symbolic generative AI
11/2024 –
Mr Jinwei Hu 12/2023 –
Ms Sahar Alzahrani (co-supervisors: Prof Sven Schewe, Dr Chao Huang)
Verification of Deep Learning
01/2022 –
Mr Sihao Wu (co-supervisors: Dr Xingyu Zhao, Dr Xinping Yi)
Deep Reinforcement Learning Safety
12/2021 –
Mr Yi Qi (co-supervisor: Dr Xingyu Zhao)
Safety Assurance for Learning
10/2021 –
Mr Kaiwen Cai (co-supervisor: Dr. Shan Luo)
Autonomous cyber physical systems
10/2020–07/2024, now at Li Auto
Mr Dengyu Wu (co-supervisor: Dr. Xinping Yi)
Energy efficient deep learning
10/2019–07/2024, now postdoc at King's College London
Ms Peipei Xu (co-supervisor: Prof. Frank Wolter)
Verification of deep learning
06/2019–07/2024, now a postdoc
Ms Amany Alshareef (co-supervisor: Prof. Sven Schewe)
Testing deep learning
03/2019–12/2023
Dr Gaojie Jin (co-supervisor: Dr. Xinping Yi)
Reliable Deep Neural Networks with Randomised Weights
03/2019–07/2023, now at University of Exeter
Dr Wei Huang (co-supervisor: Prof. Shang-Hong Lai, NTHU Taiwan)
Verification and Validation of Machine Learning Safety
02/2019–07/2023, now at Purple Mountain Laboratories
Ms Emese Thamo (co-supervisor: Dr Yannis Goulermas)
Improving the Safety of Deep Reinforcement Learning Algorithms by Making Them More Interpretable
10/2018 – (writing up)

Visitors

Dr Chen Zhang, China University of Mining and Technology. 12/2019–11/2020
Mr Zhixuan Xu, Renmin University of China. 10/2019–10/2020
Mr Francesco Crecchi, University of Pisa, Italy. 04/2019–06/2019

The "Robotics and Artificial Intelligence" Reading Group holds a weekly meeting where one member gives a 30–40 minute talk — discussing their own papers, papers from other research groups, or topics of interest. This is followed by Q&A and group discussion.

Membership

Anyone can join by request. If you are interested, please feel free to drop me a message.

Venue & Meeting Time

Meetings are held weekly, both in-person and via Zoom (hybrid). Tuesday 11:00–12:00, UK time.

Talk Schedule

Please refer to the TACPS lab reading group page for detailed schedule information.

Teaching

Semester 1, Ongoing since 2018. Undergraduate, Second Year. Advanced Artificial Intelligence.
- Teaching materials available at GitHub: AI Safety Lecture Notes
Semester 2, 2017/2018. Undergraduate, Second Year. Principle of Computer Game Design and Implementation