Applied Scientist with over 6 years of combined industry and research experience in Computer Vision, Generative AI, and LLMs. Experienced in foundation models, prompt engineering, and model optimization, with research spanning model robustness, backdoor security, and efficient AI. Authored 20 papers in top AI venues (NeurIPS, CVPR, ECCV, AAAI, TMLR, WACV) and recipient of the Amazon Inventor Award for innovation.
Work Experience
Applied Scientist
Amazon, Returns & Recommerce, Bellevue, WA, USA
Jul 2024 - Present
Built an automated evaluation framework for multi-turn LLM conversations, applying automatic prompt optimization to foundation models to develop LLM-as-a-Judge evaluations of question quality, logical flow, hallucination, and policy compliance; standardized evaluation metrics across 5M+ customer–LLM dialogues per day.
Designed and deployed Responsible AI guardrails for return-related conversations, implementing safeguards against misuse, prompt injection, and content violations; optimized for real-time inference with 50+ transactions per second (TPS) to ensure fast and cost-efficient performance at production scale.
Developed an evaluation pipeline for customer comments and LLM-generated follow-up questions, using RAG-based retrieval and prompt engineering to measure information gain in responses and assess question relevance, clarity, and safety; eliminated manual review, saving over $500K and 25,000+ hours of labeling annually.
Extended diffusion-model research into a framework for safeguarding customer images against generative misuse, enabling practical image protection in Amazon’s Responsible AI ecosystem; recognized through a WACV 2025 publication, a pending patent, and the Amazon Inventor Award for innovation and impact.
Applied Scientist Intern
Amazon, Alexa AI, Sunnyvale, CA, USA
Jun 2023 - Sep 2023
Developed a novel and practical defense method to protect user images in real time from identity theft and copyright misuse in generative diffusion models by introducing latent-space adversarial perturbations.
Engineered an optimized perturbation generation and inference framework that accelerated processing speed by 150x (from ~30s to 0.2s per image) and reduced memory usage by 2.6x while maintaining protection performance.
Evaluated the system on three public diffusion benchmarks and 10,000+ real-world samples using over 10 evaluation metrics, demonstrating superior protection strength, visual fidelity, and generalization with up to 20% improvement over existing diffusion-model protection methods.
AI/ML Engineer Intern
MoMo (M_Service), Ho Chi Minh City, Vietnam
Jun 2021 - Sep 2021
Developed an end-to-end machine learning pipeline for data cleaning, labeling, and DNN training, enabling accurate ID card information extraction and powering an in-house ID verification system used by 10M+ users.
Designed and deployed a secure internal data-labeling platform integrated into the pipeline, processing 20,000+ high-quality annotations and reducing external labeling costs by more than $100K.
Enhanced OCR model performance by 10% through targeted data curation and model fine-tuning, delivering production-level accuracy and reliability in large-scale deployment.
Graduate Research Assistant
Rutgers University, New Brunswick, NJ, USA
Sep 2020 - May 2024
Conducted research in deep learning, robustness, and efficient AI; led experiments, hosted weekly paper discussions, and presented findings through academic publications and conference talks, resulting in 16 published papers.
Supported course instructors by organizing weekly recitations, grading assignments, and holding office hours; assisted over 200 students in foundational and advanced computer engineering and machine learning courses.
Featured Publications
[NeurIPS 2025] Xiao, J., Luo, C., Huang, L., Yang, C., Sui, Y., Phan, H., Zang, X., Ying, Y., Anandkumar, A., and Yuan, B. “EcoSpa: Efficient Transformer Training with Coupled Sparsity.” Advances in Neural Information Processing Systems.
[TMLR 2025] Sui, Y., Phan, H., Xiao, J., Zhang, T., Tang, Z., Shi, C., Wang, Y., Chen, Y., and Yuan, B. “DisDet: Exploring Detectability of Backdoor Attacks on Diffusion Models.” Transactions on Machine Learning Research.
[WACV 2025] Phan, H., Huang, B., Jaiswal, A., Sabir, E., Singhal, P., and Yuan, B. “Latent Diffusion Shield: Mitigating Malicious Use of Diffusion Models through Latent-Space Adversarial Perturbations.” Winter Conference on Applications of Computer Vision.
[ECCV 2024] Phan, H., Xiao, J., Sui, Y., Zhang, T., Tang, Z., Shi, C., Wang, Y., Chen, Y., and Yuan, B. “Clean & Compact: Efficient Data-Free Backdoor Defense via Model Compactness.” European Conference on Computer Vision.
[MobiCom 2024] Zhang, T., Phan, H., Tang, Z., Shi, C., Wang, Y., Yuan, B., and Chen, Y. “Inaudible Backdoor Attack via Stealthy Frequency-Trigger Injection in Audio Spectrograms.” ACM International Conference on Mobile Computing and Networking.
[MMSys 2023] Tang, Z., Phan, H., Feng, X., Yuan, B., Liu, Y., and Wei, S. “Security-Preserving Live 3D Video Surveillance.” ACM Multimedia Systems Conference.
[AAAI 2023 (Oral)] Phan, H., Yin, M., Sui, Y., Zonouz, S., and Yuan, B. “CSTAR: Towards Compact and Structured Deep Neural Networks with Adversarial Robustness.” AAAI Conference on Artificial Intelligence.
[ECCV 2022] Phan, H., Shi, C., Xie, Y., Zhang, T., Li, Z., Zhao, T., Liu, J., Wang, Y., Chen, Y., and Yuan, B. “RIBAC: Towards Robust and Imperceptible Backdoor Attacks against Compact DNNs.” European Conference on Computer Vision.
[MobiCom 2022] Shi, C., Zhang, T., Li, Z., Phan, H., Zhao, T., Wang, Y., Liu, J., Yuan, B., and Chen, Y. “Audio-Domain Position-Independent Backdoor Attack via Unnoticeable Triggers.” ACM International Conference on Mobile Computing and Networking.
[ICASSP 2022] Phan, H., Xie, Y., Liu, J., Chen, Y., and Yuan, B. “Invisible and Efficient Backdoor Attacks for Compressed Deep Neural Networks.” IEEE International Conference on Acoustics, Speech, and Signal Processing.
[MMSys 2022] Ye, M., Tang, Z., Phan, H., Xie, Y., Yuan, B., and Wei, S. “Visual Privacy Protection in Mobile Image Recognition Using Protective Perturbations.” ACM Multimedia Systems Conference.
[AAAI 2022] Yin, M., Phan, H., Zang, X., Liao, S., and Yuan, B. “BATUDE: Budget-Aware Neural Network Compression Based on Tucker Decomposition.” AAAI Conference on Artificial Intelligence.
[NeurIPS 2021] Sui, Y., Yin, M., Xie, Y., Phan, H., Zonouz, S. A., and Yuan, B. “CHIP: Channel-Independence-Based Pruning for Compact Neural Networks.” Advances in Neural Information Processing Systems.
[ACM MM 2020] Tang, Z., Feng, X., Xie, Y., Phan, H., Guo, T., Yuan, B., and Wei, S. “VVSec: Securing Volumetric Video Streaming via Benign Use of Adversarial Perturbations.” ACM International Conference on Multimedia.
[AAAI 2020] Phan, H., Xie, Y., Liao, S., Chen, J., and Yuan, B. “CAG: A Real-Time, Low-Cost, Enhanced-Robustness, High-Transferability, Content-Aware Adversarial Attack Generator.” AAAI Conference on Artificial Intelligence.