Zhuoran (Newt) Tan

If it’s right, time will catch up.

PhD Candidate · Security Researcher/Engineer · Software & AI Supply Chain Security · Application & AI Security

I am a PhD candidate in Computing Science at the University of Glasgow, working on software and AI supply chain security, application security, and AI-native threat detection.

My work sits at the intersection of security engineering and machine learning: I build graph-based models, runtime analysis pipelines, and security tools that turn logs, execution traces, dependency metadata, and AI system behaviors into actionable threat signals.

I build production-oriented tools in Python, Go, and Rust, with cross-ecosystem security analysis experience across JavaScript/TypeScript, JVM systems, C/C++, Bash, Docker, and CI/CD workflows.

Research Interests

• Software & AI Supply Chain Security — dependency attacks, model poisoning, SBOM/SLSA enforcement
• Application & Product Security — secure SDLC, threat modeling, runtime sandboxing, DevSecOps, and AI-enabled application security
• Threat Detection & Attack Attribution — log parsing, causal reasoning, anomaly detection at scale
• Graph Learning for Security — temporal graphs, provenance graphs, attack-chain reconstruction

Recent News

• 2026-04 — Check the new arxiv for MCP Security Evaluation Work, which covers multi-modal attacks, jailbreak, tool injections, etc.
• 2026-03 — !! Our LLM Supply Chain Security position work has been accepted at LLMSC (co-located with FSE 2026)
• 2026-03 — Check the new arxiv for advanced supply chain simulation
• 2026-02 — Started my visiting to University of Edinburgh

Medium · GitHub · Google Scholar · LinkedIn · ResearchGate · Credly

Posts

• Dec 24, 2025

  Distributed Graph Processing in Practice: From Python Parallelism to Rust and Go

subscribe via RSS