Academic Activities

Program Committe

• CCS’25
• USENIX Security’25
• AAAI’25
• SaTML’24
• AISec’23, AISec’24

Reviewing

• ICLR’25, ICLR’24, ICML’24, NeurIPS’ 23
• ICML’23 TEACH Workshop
• CVPR’23, CVPR’22
• ICCV’23, ECCV’22
• TPAMI’21, TPAMI’22
• ICLR-SDG’21

Teaching

• “Opportunities and Risks of Large Language Models and Foundation Models” seminar at Saarland University - Teaching assistant - SS 2023.
• “Machine Learning in Cybersecurity” course at Saarland University - Teaching assistant - WS 2021/2022.
• “High Level Computer Vision” course at Saarland University - Teaching assistant - SS 2020.

Competitions

• Co-organized LLM CtF
• One of the main organizers of llmailinject

Talks

• Invited talk at Brave on agent security, 2025
• Invited talk at a Google DeepMind reading group on agent security, 2025
• Invited talk at UMass Amherst Security & Privacy seminars, 2025
• Invited panelist at Women in AI Security Workshop, 2025
• “On the Security of Real-World LLM-Integrated Applications”, invited talk at European Symposium on Security and Artificial Intelligence, 2024
• “On New Security and Safety Challenges Posed by LLMs and How to Evaluate Them”, invited keynote at HIDA PhD meet up, 2024
• “On Evaluating Language Models and Their Security and Safety Implications”, ETH Zurich and Vector Institute, 2023
• “Compromising LLMs: The Advent of AI Malware” at Black Hat USA, 2023.
• “How to Improve Automated Fact-Checking?” at Max Planck Institute for Software Systems, 2022.
• “Multi-modal Fact-checking: Out-of-Context Images and How to Catch Them” at UCL Information Security seminars, 2022.

Media Coverage

• Our work on ``indirect prompt injection’’ has been featured in Vice, Wired, Zeit, MIT Technology Review, and others.
• I talked to “Y-Kollektiv” about ChatGPT misinformation risks and new indirect prompting threats in the documentary: ChatGPT: What happens when the AI takes over
• I talked to “CISPA tl;dr podcast” about our work on Deepfakes and Fingerprinting.