Deep learning, represented by large language models, is revolutionizing human lives. However, trustworthiness threats in deep learning widely exist, posing great challenges to AI safety, security, and reliability. This course introduces state-of-the-art frontiers on deep learning research for a wide range of trustworthiness issues, including threat discovery, mitigation, and certification methods through seminar-style presentations and hands-on projects.

This is a seminar-style course for trustworthy deep learning. The first half of the course is an overview of deep learning and preliminaries for trustworthy AI methods, including training of neural networks, common neural network architectures, large language models, the definition of AI attacks, defenses, and certification and verification in the context of AI. The second half of the course visits representative and recent research papers in the field through student presentations, covering topics like evasion attacks and defenses, robustness certification, differential privacy, membership inference attacks, watermarks, detection of AI-generated contents, machine unlearning, prompt injection attacks, model stealing, and finetuning attacks.

Schedule and Syllabus #

Syllabus

Slides will be updated as the term progresses. All slides are available in this OneDrive folder. The slides are password encrypted - password posted on CourSys.

| Week | Date | Topics (Tentative) | Assignment & Due | Reading |
|---|---|---|---|---|
| Week 1 (5/10 - 5/16) | Tue (5/12), 1h | (Lecture) Syllabus; Introduction to Deep Learning I | Homework 0 release | See references in slides |
| | Thur (5/14), 2h | Lecture cancelled | | |
| Week 2 (5/17 - 5/23) | Tue (5/19), 1h | (Lecture) Introduction to Deep Learning II | | See references in slides |
| | Thur (5/21), 2h | (Lecture) Introduction to Deep Learning III | | See references in slides |
| Week 3 (5/24 - 5/30) | Tue (5/26), 1h | (Lecture) Introduction to Deep Learning III (continued) | | See references in slides |
| | Thur (5/28), 2h | (Lecture) Course presentation instructions; Introduction to Deep Learning IV; Trustworthy Deep Learning overview | Presentation signing-up sheet release; Homework 0 due (5/30) | See references in slides |
| Week 4 (5/31 - 6/6) | Tue (6/2), 1h | (Lecture) Robustness Threats in Deep Learning - Attacks I | | See references in slides |
| | Thur (6/4), 2h | (Lecture) Robustness Threats in Deep Learning - Attacks II | | See references in slides |
| Week 5 (6/7 - 6/13) | Tue (6/9), 1h | (Lecture) Robustness Threats in Deep Learning - Defenses | | See references in slides |
| | Thur (6/11), 2h | (Lecture) Robustness Threats in Deep Learning - Certification I | Course project release: development kit | See references in slides |
| Week 6 (6/14 - 6/20) | Tue (6/16), 1h | (Lecture) Introduction to course project | | See references in slides |
| | Thur (6/18), 2h | (Lecture) Robustness Threats in Deep Learning - Certification II | Presentation signing-up due | See references in slides |
| Week 7 (6/21 - 6/27) | Tue (6/23), 1h | (Lecture) Large Language Models: Overview | | CMU 11-711 ANLP; Stanford CS336 |
| | Thur (6/25), 2h | (Lecture) LLM and Agentic Trustworthiness: Overview | | DecodingTrust: A Comprehensive Assessment of Trustworthiness in GPT Models; AI Risk Management Should Incorporate Both Safety and Security; Recommendations for Technical AI Safety Research Directions; DecodingTrust-Agent Platform (DTap): A Controllable and Interactive Red-Teaming Platform for AI Agents |
| Week 8 (6/28 - 7/4) | Tue (6/30), 1h | Presentation | Notes submission required | |
| | Thur (7/2), 2h | Presentation | Notes submission required | |
| Week 9 (7/5 - 7/11) | Tue (7/7), 1h | Presentation | Notes submission required | |
| | Thur (7/9), 2h | Presentation | Notes submission required | |
| Week 10 (7/12 - 7/18) | Tue (7/14), 1h | Presentation | Notes submission required | |
| | Thur (7/16), 2h | Presentation | Notes submission required | |
| Week 11 (7/17 - 7/25) | Tue (7/21), 1h | Presentation | Notes submission required | |
| | Thur (7/23), 2h | Presentation | Notes submission required | |
| Week 12 (7/26 - 8/1) | Tue (7/28), 1h | Presentation | Notes submission required | |
| | Thur (7/30), 2h | Presentation | Notes submission required | |
| Week 13 (8/2 - 8/8) | Tue (8/4), 1h | Presentation | Notes submission required; course project due | |
| | Thur (8/6), 2h | Presentation; (Lecture) Course project discussion, closing remarks | Notes submission required | |
| Week 14 (8/9 - 8/15) | | | Grade released | |

Assignments and Project #

  • Homework 0
    • Deadline: 23:59, May 23, 2026 (end of week 2), updated to May 30, 2026 (end of week 3)
    • Grades released
  • Presentation:
    • Signing-up spreadsheet and instructions released on May 28 on CourSys for signing up
    • Signing-up due date: Jun 18 (Week 6 Thursday)
  • Course project:
  • Note Submission:
    • Submission links dynamically released on CourSys
    • Only for student presentation dates
    • Due 7 days after each presentation date
    • Submit on CourSys
    • Up to 3 exemptions

Grading #

10% Homework 0 (raw score) + 40% course project (1.1 × raw score with no cap) + 30% paper presentation + 20% notes of peer evaluation and summary

Information Platform #

Prerequisites #

There is no formal prerequisite. A background in algorithms, calculus and linear algebra (e.g., MATH 151, MATH 152, MATH 232, CMPT 225) and in CMPT 410/726 Machine Learning is strongly recommended. A background in CMPT 412/762 Computer Vision and CMPT 713 NLP is also recommended.

Textbook and Reading Materials #

There is no primary reference material. We will read an assortment of research papers during lectures.

  • Deep Learning Book
    • By Ian Goodfellow, Yoshua Bengio, and Aaron Courville
    • Recommended for students to gain background in deep learning before taking the course.
  • Online course Intro to ML Safety
    • By Dan Hendrycks at the Center for AI Safety
    • Optional, advanced reading for interested students
    • A well-developed course recommended for those who want to learn general machine learning safety from a systematic and interdisciplinary perspective.

Ethics Statement #

This course will include topics related to computer security and privacy. As part of this investigation we may cover technologies whose abuse could infringe on the rights of others. As computer scientists, we rely on the ethical use of these technologies. Unethical use includes circumvention of an existing security or privacy mechanism for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities in these services. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class and possibly more severe academic and legal sanctions.

Academic Integrity Policy #

  • Some examples of unacceptable behaviour in homeworks and course projects:
    • Handing in assignments that are not 100% your own work (in design, implementation, wording, etc.), without proper citation. There must be a README file in your submission with citations to any external code used.
    • Sharing code fragments with others in the class is not allowed (for the group project, this applies to anyone outside your own group).
    • Keep discussions to high level information rather than specific code hints.
    • Copying and then obfuscating code is a serious academic honesty violation.
    • Submitting work that has been submitted before, for any course at any institution.
  • If you are unclear on what academic honesty is, see Simon Fraser University’s Policy S10-01.
  • All instances of academic dishonesty will be dealt with very severely.
  • In general, minimum requested penalties will be as follows:
    • For assignments and course projects: a mark of -50% on the assignment. So, academic dishonesty on an assignment worth 10% of your final mark will result in a zero on the assignment, and a penalty of 5% from your final grade.
  • Please note that these are minimum penalties. At the instructor’s option, more severe penalties may be given/requested. All instances of academic dishonesty will be noted on your University record.
  • The instructor may use an automated service that will check for plagiarism.

LLM Policy:

LLMs can be used to study core concepts and the high-level usage of packages. LLMs can also be used as code completion assistants. However, LLMs are not allowed to complete the assignment as a whole, or any significant component of it, from scratch. Violations will be treated as a breach of academic integrity.

Acknowledgement #

The course is developed from CS562 and CS598GS at UIUC. Part of the content is adapted from Intro to ML Safety. Some course policies are developed from CMPT 413 Natural Language Processing.