Ergute Bao (Bob)
A clearer and better photo
I am a postdoc researcher in Mohamed bin Zayed University of Artificial Intelligence (MBZUAI), UAE, working with Ting Yu. Previously, I obtained PhD in CS from National University of Singapore (NUS), supervised by Xiaokui Xiao. My PhD thesis was on differential privacy (DP) and its applications in federated learning (FL). Previously, I obtained BSc in CS from the Chinese University of Hong Kong (CUHK). I used to work as a research intern in SEA AI Lab, Singapore, and Alibaba Group, Hangzhou. Link to my CV.
Research: I am intersted in establishing rigorous practices for private and secure AI:
- identifying risks in existing AI and LLM systems,
- formalizing these problems,
- studying them towards creating practical solutions (e.g., polynomial time algorithms) with rigorous guarantees (e.g., model utility, attack success rate, differential privacy).
See my recent works for examples: Efficient Fine-tuning LLMs with DP, and Practical Prompt Injection Attacks for Retrieval-augmented LLM Systems.
I am also interested in synthesizing data with formal privacy guarantees. During my PhD study, I was in two DP contests held by NIST, in synthesizing data with formal DP guarantees. Our team won the third place in 2018 and
the first place in 2020.
- Overcoming the Retrieval Barrier: Indirect Prompt Injection in the Wild for LLM Systems.
Hongyan Chang, E. Bao, Xinjian Luo, and Ting Yu.
USENIX Conference on Security Symposium (USENIX Security), to appear, 2026. Full version.
- Unlocking the Power of Differentially Private Zeroth-order Optimization for Fine-tuning LLMs.
E. Bao, Yangfan Jiang, Fei Wei, Xiaokui Xiao, Zitao Li, Yaliang Li, and Bolin Ding
USENIX Conference on Security Symposium (USENIX Security), 2025. PDF. Erratum. Full version.
- Towards Learning on Vertically Partitioned Data with Distributed Differential Privacy.
E. Bao, Fei Wei, Xiaokui Xiao, Yin Yang, Tianyu Pang, and Chao Du
IEEE International Conference on Data Engineering (ICDE), 2025. PDF.
- AAA: an Adaptive Mechanism for Locally Differential Private Mean Estimation.
Fei Wei, E. Bao, Xiaokui Xiao, Yin Yang, and Bolin Ding.
International Conference on Very Large Data Bases (PVLDB), 2024. PDF. Full version.
- Skellam Mixture Mechanism: a Novel Approach to Federated Learning with Differential Privacy
E. Bao, Yizheng Zhu, Xiaokui Xiao, Yin Yang, Beng Chin Ooi, Benjamin H.M. Tan, and Khin M.M. Aung
International Conference on Very Large Data Bases (PVLDB), 2022. PDF.
- DPIS: an Enhanced Mechanism for Differentially Private SGD with Importance Sampling
Jianxin Wei, E. Bao, Xiaokui Xiao, and Yin Yang
ACM SIGSAC Conference on Computer and Communications Security (CCS), 2022.PDF.
- CGM: An Enhanced Mechanism for Streaming Data Collection with Local Differential Privacy
E. Bao, Yin Yang, Xiaokui Xiao, and Bolin Ding
International Conference on Very Large Data Bases (PVLDB), 2021. PDF.
- Synthetic Data Generation with Differential Privacy via Bayesian Networks
E. Bao, Xiaokui Xiao, Jun Zhao, Dongping Zhang, and Bolin Ding
Journal of Privacy and Confidentiality (JPC), 2021, 11(3). Invited paper, based on our solution for 2018 NIST DP challenge. PDF.
Services:
- I am/was a program committee member in:
- ACM SIGMOD/PODS International Conference on Management of Data (SIGMOD): 2027
- International Conference on Very Large Data Bases (VLDB): 2026 2027
- IEEE International Conference on Data Engineering (ICDE): 2026
- International Conference on Database Systems for Advanced Applications (DASFAA): 2023-24 (Demo track) 2026 (Demo track)
- I am a reviewer for:
- The International Journal on Very Large Data Bases (VLDBJ)
- IEEE Transactions on Knowledge and Data Engineering (TKDE)
- ACM Transactions on Knowledge Discovery from Data (TKDD)
- IEEE Transactions on Big Data (TBD)
- IEEE Transactions on Dependable and Secure Computing (TDSC)
- IEEE Transactions on Information Forensics and Security (TIFS)
Contact:
Email: baoergute8@gmail.com
Last updated: Mar 2026
