About Me
Hi! My name is Suha Sabi Hussain. I'm an AI/ML security engineer.
You can contact me at suhashussain1 ‘at’ gmail ‘dot’ com or @suhackerr on Twitter.
AI/ML Security
Trail of Bits
Weaponizing image scaling against production AI systems
Hijacking multi-agent systems in your pajaMAS
Incubated Machine Learning Exploits: Backdooring ML Pipelines Using Input-Handling Bugs
Lightweight Design Review of the 6079 Proof-of-Inference Protocol (Public Report)
Meta WhatsApp Private Processing Security Assessment (Public Report)
Sleepy Pickle: Hybrid ML Exploit Chaining Pickle Insecurity and Model Backdoors
- Note: I contributed to the initial PoC.
- Blog post
List of ML File Formats (GitHub Repository)
MLFiles - Using Input-Handling Bugs to Inject Backdoors Into Machine Learning Pipelines
Assessing the security posture of a widely used vision model: YOLOv7
Secure your machine learning with Semgrep
DEF CON 30 AI Village: Panel: The Use of AI/ML in Offensive Security Operations.
Never a Dill Moment: Exploiting Machine Learning Pickle Files
PrivacyRaven: Comprehensive Privacy Testing for Deep Learning
NYU CCS
COPPTCHA: COPPA Tracking by Checking Hardware-Level Activity
- IEEE Transactions on Information Forensics and Security (Paper)
- Invited Talk for the NSA Board of Directors
A New Method for the Exploitation of Speech Recognition Systems
- Invited Talk at the NSA Research Directorate
- Computational Cybersecurity for Compromised Environments Workshop