We stand with Ukraine  

Ahmed Salem

Affiliations:
  • CISPA Helmholtz Center for Information Security, Saarbrücken, Germany


According to our database1, Ahmed Salem authored at least 41 papers between 2018 and 2025.

Collaborative distances:

Timeline

Legend:

Book 
In proceedings 
Article 
PhD thesis 
Dataset
Other 

Links

Online presence:

On csauthors.net:

Bibliography

2025
A Representation Engineering Perspective on the Effectiveness of Multi-Turn Jailbreaks.
[BibTeX]
[DOI]
Blake Bullwinkel
,
Mark Russinovich
,
Ahmed Salem
,
Santiago Zanella-Béguelin
,
Daniel Jones
,
Giorgio Severi
,
Eugenia Kim
,
Keegan Hines
,
Amanda J. Minnich
,
Yonatan Zunger
,
Ram Shankar Siva Kumar
CoRR, July, 2025

LogiPlan: A Structured Benchmark for Logical Planning and Relational Reasoning in LLMs.
[BibTeX]
[DOI]
Yanan Cai
,
Ahmed Salem
,
Besmira Nushi
,
Mark Russinovich
CoRR, June, 2025

LLMail-Inject: A Dataset from a Realistic Adaptive Prompt Injection Challenge.
[BibTeX]
[DOI]
Sahar Abdelnabi
,
Aideen Fay
,
Ahmed Salem
,
Egor Zverev
,
Kai-Chieh Liao
,
Chi-Huang Liu
,
Chun-Chih Kuo
,
Jannis Weigend
,
Danyael Manlangit
,
Alex Apostolov
,
Haris Umair
,
João Donato
,
Masayuki Kawakita
,
Athar Mahboob
,
Tran Huu Bach
,
Tsun-Han Chiang
,
Myeongjin Cho
,
Hajin Choi
,
Byeonghyeon Kim
,
Hyeonjin Lee
,
Benjamin Pannell
,
Conor McCauley
,
Mark Russinovich
,
Andrew Paverd
,
Giovanni Cherubin
CoRR, June, 2025

Securing AI Agents with Information-Flow Control.
[BibTeX]
[DOI]
Manuel Costa
,
Boris Köpf
,
Aashish Kolluri
,
Andrew Paverd
,
Mark Russinovich
,
Ahmed Salem
,
Shruti Tople
,
Lukas Wutschitz
,
Santiago Zanella-Béguelin
CoRR, May, 2025

Linear Control of Test Awareness Reveals Differential Compliance in Reasoning Models.
[BibTeX]
[DOI]
Sahar Abdelnabi
,
Ahmed Salem
CoRR, May, 2025

Jailbreaking is (Mostly) Simpler Than You Think.
[BibTeX]
[DOI]
Mark Russinovich
,
Ahmed Salem
CoRR, March, 2025

Obliviate: Efficient Unmemorization for Protecting Intellectual Property in Large Language Models.
[BibTeX]
[DOI]
Mark Russinovich
,
Ahmed Salem
CoRR, February, 2025

Get My Drift? Catching LLM Task Drift with Activation Deltas.
[BibTeX]
[DOI]
Sahar Abdelnabi
,
Aideen Fay
,
Giovanni Cherubin
,
Ahmed Salem
,
Mario Fritz
,
Andrew Paverd
Proceedings of the IEEE Conference on Secure and Trustworthy Machine Learning, 2025

2024
The Price of Intelligence: Three risks inherent in LLMs.
[BibTeX]
[DOI]
Mark Russinovich
,
Ahmed Salem
,
Santiago Zanella-Béguelin
,
Yonatan Zunger
ACM Queue, 2024

Permissive Information-Flow Analysis for Large Language Models.
[BibTeX]
[DOI]
Shoaib Ahmed Siddiqui
,
Radhika Gaonkar
,
Boris Köpf
,
David Krueger
,
Andrew Paverd
,
Ahmed Salem
,
Shruti Tople
,
Lukas Wutschitz
,
Menglin Xia
,
Santiago Zanella-Béguelin
CoRR, 2024

Vera Verto: Multimodal Hijacking Attack.
[BibTeX]
[DOI]
Minxing Zhang
,
Ahmed Salem
,
Michael Backes
,
Yang Zhang
CoRR, 2024

Breaking Agents: Compromising Autonomous LLM Agents Through Malfunction Amplification.
[BibTeX]
[DOI]
Boyang Zhang
,
Yicong Tan
,
Yun Shen
,
Ahmed Salem
,
Michael Backes
,
Savvas Zannettou
,
Yang Zhang
CoRR, 2024

Hey, That's My Model! Introducing Chain & Hash, An LLM Fingerprinting Technique.
[BibTeX]
[DOI]
Mark Russinovich
,
Ahmed Salem
CoRR, 2024

SOS! Soft Prompt Attack Against Open-Source Large Language Models.
[BibTeX]
[DOI]
Ziqing Yang
,
Michael Backes
,
Yang Zhang
,
Ahmed Salem
CoRR, 2024

Are you still on track!? Catching LLM Task Drift with Activations.
[BibTeX]
[DOI]
Sahar Abdelnabi
,
Aideen Fay
,
Giovanni Cherubin
,
Ahmed Salem
,
Mario Fritz
,
Andrew Paverd
CoRR, 2024

Great, Now Write an Article About That: The Crescendo Multi-Turn LLM Jailbreak Attack.
[BibTeX]
[DOI]
Mark Russinovich
,
Ahmed Salem
,
Ronen Eldan
CoRR, 2024

Dataset and Lessons Learned from the 2024 SaTML LLM Capture-the-Flag Competition.
[BibTeX]
[DOI]
Edoardo Debenedetti
,
Javier Rando
,
Daniel Paleka
,
Silaghi Fineas Florin
,
Dragos Albastroiu
,
Niv Cohen
,
Yuval Lemberg
,
Reshmi Ghosh
,
Rui Wen
,
Ahmed Salem
,
Giovanni Cherubin
,
Santiago Zanella-Béguelin
,
Robin Schmid
,
Victor Klemm
,
Takahiro Miki
,
Chenhao Li
,
Stefan Kraft
,
Mario Fritz
,
Florian Tramèr
,
Sahar Abdelnabi
,
Lea Schönherr
Proceedings of the Advances in Neural Information Processing Systems 38: Annual Conference on Neural Information Processing Systems 2024, 2024

Detection and Attribution of Models Trained on Generated Data.
[BibTeX]
[DOI]
Ge Han
,
Ahmed Salem
,
Zheng Li
,
Shanqing Guo
,
Michael Backes
,
Yang Zhang
Proceedings of the IEEE International Conference on Acoustics, 2024

2023
Maatphor: Automated Variant Analysis for Prompt Injection Attacks.
[BibTeX]
[DOI]
Ahmed Salem
,
Andrew Paverd
,
Boris Köpf
CoRR, 2023

Rethinking Privacy in Machine Learning Pipelines from an Information Flow Control Perspective.
[BibTeX]
[DOI]
Lukas Wutschitz
,
Boris Köpf
,
Andrew Paverd
,
Saravan Rajmohan
,
Ahmed Salem
,
Shruti Tople
,
Santiago Zanella-Béguelin
,
Menglin Xia
,
Victor Rühle
CoRR, 2023

Comprehensive Assessment of Toxicity in ChatGPT.
[BibTeX]
[DOI]
Boyang Zhang
,
Xinyue Shen
,
Wai Man Si
,
Zeyang Sha
,
Zeyuan Chen
,
Ahmed Salem
,
Yun Shen
,
Michael Backes
,
Yang Zhang
CoRR, 2023

Last One Standing: A Comparative Analysis of Security and Privacy of Soft Prompt Tuning, LoRA, and In-Context Learning.
[BibTeX]
[DOI]
Rui Wen
,
Tianhao Wang
,
Michael Backes
,
Yang Zhang
,
Ahmed Salem
CoRR, 2023

Two-in-One: A Model Hijacking Attack Against Text Generation Models.
[BibTeX]
[DOI]
Wai Man Si
,
Michael Backes
,
Yang Zhang
,
Ahmed Salem
Proceedings of the 32nd USENIX Security Symposium, 2023

UnGANable: Defending Against GAN-based Face Manipulation.
[BibTeX]
[DOI]
Zheng Li
,
Ning Yu
,
Ahmed Salem
,
Michael Backes
,
Mario Fritz
,
Yang Zhang
Proceedings of the 32nd USENIX Security Symposium, 2023

SoK: Let the Privacy Games Begin! A Unified Treatment of Data Inference Privacy in Machine Learning.
[BibTeX]
[DOI]
Ahmed Salem
,
Giovanni Cherubin
,
David Evans
,
Boris Köpf
,
Andrew Paverd
,
Anshuman Suri
,
Shruti Tople
,
Santiago Zanella-Béguelin
Proceedings of the 44th IEEE Symposium on Security and Privacy, 2023

Analyzing Leakage of Personally Identifiable Information in Language Models.
[BibTeX]
[DOI]
Nils Lukas
,
Ahmed Salem
,
Robert Sim
,
Shruti Tople
,
Lukas Wutschitz
,
Santiago Zanella-Béguelin
Proceedings of the 44th IEEE Symposium on Security and Privacy, 2023

Bayesian Estimation of Differential Privacy.
[BibTeX]
[DOI]
Santiago Zanella-Béguelin
,
Lukas Wutschitz
,
Shruti Tople
,
Ahmed Salem
,
Victor Rühle
,
Andrew Paverd
,
Mohammad Naseri
,
Boris Köpf
,
Daniel Jones
Proceedings of the International Conference on Machine Learning, 2023

2022
Adversarial inference and manipulation of machine learning models.
[BibTeX]
[DOI]
Ahmed Salem
PhD thesis, 2022

ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models.
[BibTeX]
[DOI]
Yugeng Liu
,
Rui Wen
,
Xinlei He
,
Ahmed Salem
,
Zhikun Zhang
,
Michael Backes
,
Emiliano De Cristofaro
,
Mario Fritz
,
Yang Zhang
Proceedings of the 31st USENIX Security Symposium, 2022

Get a Model! Model Hijacking Attack Against Machine Learning Models.
[BibTeX]
[DOI]
Ahmed Salem
,
Michael Backes
,
Yang Zhang
Proceedings of the 29th Annual Network and Distributed System Security Symposium, 2022

Dynamic Backdoor Attacks Against Machine Learning Models.
[BibTeX]
[DOI]
Ahmed Salem
,
Rui Wen
,
Michael Backes
,
Shiqing Ma
,
Yang Zhang
Proceedings of the 7th IEEE European Symposium on Security and Privacy, 2022

2021
MLCapsule: Guarded Offline Deployment of Machine Learning as a Service.
[BibTeX]
[DOI]
Lucjan Hanzlik
,
Yang Zhang
,
Kathrin Grosse
,
Ahmed Salem
,
Maximilian Augustin
,
Michael Backes
,
Mario Fritz
Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition Workshops, 2021

BadNL: Backdoor Attacks against NLP Models with Semantic-preserving Improvements.
[BibTeX]
[DOI]
Xiaoyi Chen
,
Ahmed Salem
,
Dingfan Chen
,
Michael Backes
,
Shiqing Ma
,
Qingni Shen
,
Zhonghai Wu
,
Yang Zhang
Proceedings of the ACSAC '21: Annual Computer Security Applications Conference, Virtual Event, USA, December 6, 2021

2020
Don't Trigger Me! A Triggerless Backdoor Attack Against Deep Neural Networks.
[BibTeX]
[DOI]
Ahmed Salem
,
Michael Backes
,
Yang Zhang
CoRR, 2020

BAAAN: Backdoor Attacks Against Autoencoder and GAN-Based Machine Learning Models.
[BibTeX]
[DOI]
Ahmed Salem
,
Yannick Sautter
,
Michael Backes
,
Mathias Humbert
,
Yang Zhang
CoRR, 2020

BadNL: Backdoor Attacks Against NLP Models.
[BibTeX]
[DOI]
Xiaoyi Chen
,
Ahmed Salem
,
Michael Backes
,
Shiqing Ma
,
Yang Zhang
CoRR, 2020

Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning.
[BibTeX]
[DOI]
Ahmed Salem
,
Apratim Bhattacharya
,
Michael Backes
,
Mario Fritz
,
Yang Zhang
Proceedings of the 29th USENIX Security Symposium, 2020

2019
Privacy-Preserving Similar Patient Queries for Combined Biomedical Data.
[BibTeX]
[DOI]
Ahmed Salem
,
Pascal Berrang
,
Mathias Humbert
,
Michael Backes
Proc. Priv. Enhancing Technol., 2019

ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models.
[BibTeX]
[DOI]
Ahmed Salem
,
Yang Zhang
,
Mathias Humbert
,
Pascal Berrang
,
Mario Fritz
,
Michael Backes
Proceedings of the 26th Annual Network and Distributed System Security Symposium, 2019

MemGuard: Defending against Black-Box Membership Inference Attacks via Adversarial Examples.
[BibTeX]
[DOI]
Jinyuan Jia
,
Ahmed Salem
,
Michael Backes
,
Yang Zhang
,
Neil Zhenqiang Gong
Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019

2018
ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models.
[BibTeX]
[DOI]
Ahmed Salem
,
Yang Zhang
,
Mathias Humbert
,
Mario Fritz
,
Michael Backes
CoRR, 2018


  Loading...