
Zhuoran (Newt) Tan
If it’s right, time will catch up.
PhD Candidate · Security Researcher/Engineer · Software & AI Supply Chain Security · Application & AI Security
I am a PhD candidate in Computing Science at the University of Glasgow, working on software and AI supply chain security, application security, and AI-native threat detection.
My work sits at the intersection of security engineering and machine learning: I build graph-based models, runtime analysis pipelines, and security tools that turn logs, execution traces, dependency metadata, and AI system behaviors into actionable threat signals.
I build production-oriented tools in Python, Go, and Rust, with cross-ecosystem security analysis experience across NPM (node.js), JVM systems, C/C++, Bash, Docker, and CI/CD workflows.
Research Interests
- Software & AI Supply Chain Security — dependency attacks, model poisoning, SBOM/SLSA enforcement
- Application & Product Security — secure SDLC, threat modeling, runtime sandboxing, DevSecOps, and AI-enabled application security
- Threat Detection & Attack Attribution — log parsing, causal reasoning, anomaly detection at scale
- Graph Learning for Security — temporal graphs, provenance graphs, attack-chain reconstruction
Recent News
- 2026-06 — !! Submitted my thesis, marking a major milestone toward the completion of my degree.
- 2026-06 - Accepted an offer from TryHackMe as an incoming Senior AI Security Content Engineer on a part-time basis, starting July 2026.
- 2026-05 - !! Our co-authored paper, FedHera: Towards Drift-Resilient Federated Fine-tuning with Heterogeneous Resources, has been accepted as a regular paper at ICML 2026. Congrats to Xiao Ke!
Medium · GitHub · Google Scholar · LinkedIn · ResearchGate · Credly
Posts
-
Github CI/CD Pipeline Security
-
Distributed Graph Processing in Practice: From Python Parallelism to Rust and Go
subscribe via RSS