About Me

Hi! My name is Suha Sabi Hussain.

I’m a security engineer on the AI/ML assurance team at Trail of Bits. I’ve worked on projects such as the Safetensors security audit and Fickling. I received my BS in Computer Science from Georgia Tech (with threads in people and theory).

Outside of work, I'm a member of Hack Manhattan, a practitioner of Brazilian Jiu-Jitsu, and an appreciator of NYC restaurants.

You can contact me at suhashussain1 ‘at’ gmail ‘dot’ com or @suhackerr on Twitter.

AI/ML Security

Trail of Bits

Incubated Machine Learning Exploits: Backdooring ML Pipelines Using Input-Handling Bugs

Sleepy Pickle: Hybrid ML Exploit Chaining Pickle Insecurity and Model Backdoors

Relishing new Fickling features for securing ML systems (Blog Post)

List of ML File Formats (GitHub Repository)

MLFiles - Using Input-Handling Bugs to Inject Backdoors Into Machine Learning Pipelines

Assessing the security posture of a widely used vision model: YOLOv7

Safetensors security assessment (Public Report)

Secure your machine learning with Semgrep

DEF CON 30 AI Village: Panel: The Use of AI/ML in Offensive Security Operations

ToB Podcast Episode: W/Internships

Never a Dill Moment: Exploiting Machine Learning Pickle Files

PrivacyRaven: Comprehensive Privacy Testing for Deep Learning

NYU CCS

COPPTCHA: COPPA Tracking by Checking Hardware-Level Activity

A New Method for the Exploitation of Speech Recognition Systems