About Me

Hi! My name is Suha Sabi Hussain.

I’m a security engineer on the AI/ML assurance team at Trail of Bits. I received my BS in Computer Science from Georgia Tech (with threads in people and theory).

You can contact me at suhashussain1 ‘at’ gmail ‘dot’ com or @suhackerr on Twitter.

AI/ML Security

Trail of Bits

Weaponizing image scaling against production AI systems

Hijacking multi-agent systems in your pajaMAS

Incubated Machine Learning Exploits: Backdooring ML Pipelines Using Input-Handling Bugs

HOPE XV
BSides Las Vegas
DEFCON 32 (Slides)
Invited Talk for the NVIDIA Security Team

Lightweight Design Review of the 6079 Proof-of-Inference Protocol (Public Report)

EZKL security assessment (Public Report)

Sleepy Pickle: Hybrid ML Exploit Chaining Pickle Insecurity and Model Backdoors

Note: I contributed to the initial PoC.
Blog post

Relishing new Fickling features for securing ML systems (Blog Post)

List of ML File Formats (GitHub Repository)

MLFiles - Using Input-Handling Bugs to Inject Backdoors Into Machine Learning Pipelines

UCSC LSD Seminar Talk
Undergraduate Thesis

Assessing the security posture of a widely used vision model: YOLOv7

Safetensors security assessment (Public Report)

Secure your machine learning with Semgrep

DEF CON 30 AI Village: Panel: The Use of AI/ML in Offensive Security Operations.

ToB Podcast Episode: W/Internships

Never a Dill Moment: Exploiting Machine Learning Pickle Files

PrivacyRaven: Comprehensive Privacy Testing for Deep Learning

NYU CCS

COPPTCHA: COPPA Tracking by Checking Hardware-Level Activity

IEEE Transactions on Information Forensics and Security (Paper)
Invited Talk for the NSA Board of Directors

A New Method for the Exploitation of Speech Recognition Systems

Invited Talk at the NSA Research Directorate
Computational Cybersecurity for Compromised Environments Workshop