Prof. Dr. Mario Fritz
Faculty, CISPA Helmholtz Center for Information Security
Professor, Saarland University
Fellow, European Laboratory for Learning and Intelligent Systems (ELLIS)
We are looking for PhD students and Post-Docs! Please get in touch.
My group is working on Trustworthy Information Processing with a focus on the intersection of AI & Machine Learning with Security & Privacy.
Recent projects and initiatives related to trustworthy AI/ML, health, and privacy:
- Coordinator and PI: European Lighthouse on Secure and Safe AI (ELSA)
- Coordinator and PI: PriSyn: Representative, synthetic health data with strong privacy guarantees (BMBF)
- PI: AIgency “Opportunities and Risks of generative AI in Cybersecurity” (BMBF)
- PI: PrivateAIM – secure distributed analysis of medical data (Medizin Informatik Initiative)
- Leading Scientist: Helmholtz Medical Security, Privacy, and AI Research Center (HMSP)
- Coordinator and PI: ImageTox: Automated image-based detection of early toxicity events in zebrafish larvae
- PI: Integrated Early Warning System for Local Recognition, Prevention, and Control for Epidemic Outbreaks (LOKI)
- Partner-PI: The German Human Genome-Phenome Archive (GHGA)
- Coordinator and PI: Trustworthy Federated Data Analytics Project (TFDA)
- Coordinator and PI: Protecting Genetic Data with Synthetic Cohorts from Deep Generative Models (PRO-GENE-GEN)
- Member of the BMBF “Forum Gesundheit” working group “AG Nutzbarmachung digitaler Daten für KI-Entwicklungen in der Gesundheitsforschung” (making digital data usable for AI development in health research)
Recent work on LLMs, DeepFake/misinformation detection, attribution, and responsible disclosure:
- NAACL-Findings’24: PoLLMgraph: Unraveling Hallucinations in Large Language Models via State Transition Dynamics
- NAACL-Findings’24: SimSCOOD: Systematic Analysis of Out-of-Distribution Generalization in Fine-tuned Source Code Models
- ICLR-SET’24: Can LLMs Separate Instructions From Data? And What Do We Even Mean By That?
- ICLR-LLMAgents’24: LLM-Deliberation: Evaluating LLMs with Interactive Multi-Agent Negotiation Games
- ArXiv’24: LLM Task Interference: An Initial Study on the Impact of Task-Switch in Conversational History
- SATML’24: CodeLMSec Benchmark: Systematically Evaluating and Finding Security Vulnerabilities in Black-Box Code Language Models
- ArXiv’24: Exploring Value Biases: How LLMs Deviate Towards the Ideal
- BlackHat’23: Compromising LLMs: The Advent of AI Malware
- AISec’23: Not what you’ve signed up for: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection
- Usenix’23: UnGANable: Defending Against GAN-based Face Manipulation
- Usenix’23: Fact-Saboteurs: A Taxonomy of Evidence Manipulation Attacks against Fact-Verification Systems
- CVPR’22: Open-Domain, Content-based, Multi-modal Fact-checking of Out-of-Context Images via Online Resources
- ICLR’22: Responsible Disclosure of Generative Models Using Scalable Fingerprinting
- ICCV’21: Artificial Fingerprinting for Generative Models: Rooting Deepfake Attribution in Training Data
- S&P’21: Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding
- IJCAI’21: Beyond the Spectrum: Detecting Deepfakes via Re-Synthesis
- CVPR’21: Hijack-GAN: Unintended-Use of Pretrained, Black-Box GANs
- ICCV’19: Attributing Fake Images to GANs: Learning and Analyzing GAN Fingerprints
Most recent work on ArXiv:
- LLM-Deliberation: Evaluating LLMs with Interactive Multi-Agent Negotiation Games
- More than you’ve asked for: A Comprehensive Analysis of Novel Prompt Injection Threats to Application-Integrated Large Language Models
- A Unified View of Differentially Private Deep Generative Modeling
- Data Forensics in Diffusion Models: A Systematic Analysis of Membership Privacy
- Systematically Finding Security Vulnerabilities in Black-Box Code Generation Models
- Fed-GLOSS-DP: Federated, Global Learning using Synthetic Sets with Record Level Differential Privacy
- Holistically Explainable Vision Transformers
- SimSCOOD: Systematic Analysis of Out-of-Distribution Behavior of Source Code Models
- Availability Attacks Against Neural Network Certifiers Based on Backdoors
News, talks, events:
- Keynote at AISec’23 on “Trustworthy AI and A Cybersecurity Perspective on Large Language Models”
- Panelist on “AI for Cybersecurity and Adversarial AI” at EU AI Alliance Assembly
- Invited talk at ICCV’23 workshop BRAVO: roBustness and Reliability of Autonomous Vehicles in the Open-world
- Invited talk at ICCV’23 Workshop on DeepFake Analysis and Detection
- Invited talk at ICCV’23 Workshop on Out Of Distribution Generalization in Computer Vision
- Lecturer at ELLIS Summer School on Large-Scale AI for Research and Industry
- Talk at Deutscher EDV-Gerichtstag
- Talk at AI, Neuroscience and Hardware: From Neural to Artificial Systems and Back Again
- Scientific Advisory Board: Bosch AIShield
- Steering Board: Helmholtz.AI
- Recent program committees: ICML’21, NeurIPS’21, S&P’22, EuroS&P’22, CVPR’22 (AC), CCS’22
- Runner-up, Inria/CNIL Privacy Protection Prize 2020, for the S&P’20 paper “Automatically Detecting Bystanders in Photos to Reduce Privacy Risks”
- Co-Organizer of ICLR’21 Workshop on “Synthetic Data Generation – Quality, Privacy, Bias”
- Co-Organizer of CVPR’21 Workshop on “QuoVadis: Interdisciplinary, Socio-Technical Workshop on the Future of Computer Vision and Pattern Recognition (QuoVadis-CVPR)”
- Co-Organizer of CVPR’21 Workshop on “Causality in Vision”
- Founding member of Saarbrücken Artificial Intelligence & Machine Learning (SAM) unit of the European Laboratory of Learning and Intelligent Systems (ELLIS)
- Lecturer at Digital CISPA Summer School 2020
- Co-Organizer of Third International Workshop on The Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security (CV-COPS) at ECCV 2020
- Co-Organizer: 4th ACM Symposium on Computer Science in Cars: Future Challenges in Artificial Intelligence & Security for Autonomous Vehicles (CSCS’20)
- Keynote at Workshop Machine Learning for Cybersecurity, ECMLPKDD’19
- Talk at Cyber Defense Campus (CYD) Conference on Artificial Intelligence in Defence and Security
- Co-Organizer of Second International Workshop on The Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security (CV-COPS) at CVPR 2019
- Co-Organizer: 3rd ACM Symposium on Computer Science in Cars: Future Challenges in Artificial Intelligence & Security for Autonomous Vehicles (CSCS’19)
- Leading scientist at the new Helmholtz Medical Security and Privacy Research Center
- Member of ACM Technical Policy Committee Europe
- Mateusz Malinowski received the DAGM MVTec dissertation award as well as the Dr.-Eduard-Martin award for his PhD
- Associate Editor for IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI)
2019
Journal Articles
MPIIGaze: Real-World Dataset and Deep Appearance-Based Gaze Estimation
In: Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 2019.
2018
Journal Articles
Advanced Steel Microstructural Classification by Deep Learning Methods
In: Scientific Reports, 2018.
Reflectance and Natural Illumination from Single-Material Specular Objects Using Deep Learning
In: Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 2018.
Proceedings Articles
Adversarial Scene Editing: Automatic Object Removal from Weak Supervision
In: Neural Information Processing Systems (NIPS), 2018.
Diverse Conditional Image Generation by Stochastic Regression with Latent Drop-Out Codes
In: European Conference on Computer Vision (ECCV), 2018.
A Hybrid Model for Identity Obfuscation by Face Replacement
In: European Conference on Computer Vision (ECCV), 2018.
Answering Visual What-If Questions: From Actions to Predicted Scene Descriptions
In: Visual Learning and Embodied Agents in Simulation Environments Workshop at European Conference on Computer Vision (ECCV), 2018.
Sequential Attacks on Agents for Long-Term Adversarial Goals
In: 2nd ACM Computer Science in Cars Symposium -- Future Challenges in Artificial Intelligence & Security for Autonomous Vehicles, 2018.
A4NT: Author Attribute Anonymity by Adversarial Training of Neural Machine Translation
In: 27th USENIX Security Symposium (USENIX Security 18), 2018.
Accurate and Diverse Sampling of Sequences based on a “Best of Many” Sample Objective
In: IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2018.
Connecting Pixels to Privacy and Utility: Automatic Redaction of Private Information in Images
In: IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2018.
Natural and Effective Obfuscation by Head Inpainting
In: IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2018.
Disentangled Person Image Generation
In: IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2018.
Long-Term On-Board Prediction of People in Traffic Scenes under Uncertainty
In: IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2018.
Towards Reverse-Engineering Black-Box Neural Networks
In: International Conference on Learning Representations (ICLR), 2018.
Long-Term Image Boundary Prediction
In: Association for the Advancement of Artificial Intelligence (AAAI), 2018.
Technical Reports
Not Using the Car to See the Sidewalk: Quantifying and Controlling the Effects of Context in Classification and Segmentation
arXiv:1812.06707, 2018.
Knockoff Nets: Stealing Functionality of Black-Box Models
arXiv:1812.02766, 2018.
Attributing Fake Images to GANs: Analyzing Fingerprints in Generated Images
2018.
MLCapsule: Guarded Offline Deployment of Machine Learning as a Service
arXiv:1808.00590 [cs.CR], 2018.
Fashion is Taking Shape: Understanding Clothing Preference Based on Body Shape From Online Sources
arXiv:1807.03235, 2018.
ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models
arXiv:1806.01246 [cs.CR], 2018.
Adversarial Scene Editing: Automatic Object Removal from Weak Supervision
2018.
Sequential Attacks on Agents for Long-Term Adversarial Goals
arXiv:1805.12487, 2018.
Understanding and Controlling User Linkability in Decentralized Learning
arXiv:1805.05838 [cs.CR], 2018.
A Hybrid Model for Identity Obfuscation by Face Replacement
arXiv:1804.04779 [cs.CV], 2018.
Deep Appearance Maps
arXiv:1804.00863 [cs.CV], 2018.