MetaBackdoor: Exploiting Positional Encoding as a Backdoor Attack Surface in LLMs
Rui Wen, Mark Russinovich, Andrew Paverd, Jun Sakuma, Ahmed Salem
May 2026
Ahmed Salem
Senior Researcher
Publications
-
-
-
Exergy-based pore-network optimization of gas diffusion layers for enhanced efficiency in proton exchange membrane fuel cells
Sa′ed Rawashdea, M. Almajali, Ahmed Salem, Akram E. Zeid, Nathan Kawansson, D. Paterson
ScienceDirect | April 2026
-
Advanced Microstructural Engineering of Gas Diffusion Layers for Synergistic Electrochemical Performance and Durability
Sa′ed Alrwashdeh, Ahmed Salem
HighTech and Innovation Journal | March 2026, Vol 7(1)
-
-
-
Do LLMs Comply Differently During Tests? And Can We Steer That?
Sahar Abdelnabi, Ahmed Salem
NeurIPS 2025 | October 2025
-
Permissive Information-Flow Analysis for Large Language Models
Shoaib Ahmed Siddiqui, Radhika Gaonkar, Boris Köpf, David Krueger, Andrew Paverd, Ahmed Salem, Shruti Tople, Lukas Wutschitz, Menglin Xia, Santiago Zanella-Béguelin
Transactions on Machine Learning Research (TMLR) | October 2025
-
Securing AI Agents with Information-Flow Control
Manuel Costa, Boris Köpf, Aashish Kolluri, Andrew Paverd, Mark Russinovich, Ahmed Salem, Shruti Tople, Lukas Wutschitz, Santiago Zanella-Béguelin
May 2025
-
-
-
Hey, That’s My Model! Introducing Chain & Hash, An LLM Fingerprinting Technique
Mark Russinovich, Ahmed Salem, Yanan Cai
ICLR 2026 | July 2024
-
Dataset and Lessons Learned from the 2024 SaTML LLM Capture-the-Flag Competition
Edoardo Debenedetti, Javier Rando, Daniel Paleka, Fineas Silaghi, Dragos Albastroiu, Niv Cohen, Yuval Lemberg, Reshmi Ghosh, Ahmed Salem, Rui Wen, Giovanni Cherubin, Santiago Zanella-Béguelin, Robin Schmid, Victor Klemm, Takahiro Miki, Chenhao Li, Stefan Kraft, Mario Fritz, Florian Tramer, Sahar Abdelnabi, Lea Schönherr
NeurIPS 2024 | June 2024
-
-
-
Bayesian Estimation of Differential Privacy
Santiago Zanella-Béguelin, Lukas Wutschitz, Shruti Tople, Ahmed Salem, Victor Ruehle, Andrew Paverd, Mohammad Naseri, Boris Köpf, Daniel Jones
2023 International Conference on Machine Learning | July 2023
Rédacteur(s) en chef: Barbara Engelhardt, Emma Brunskill, Kyunghyun Cho
-
Two-in-One: A Model Hijacking Attack Against Text Generation Models
Wai Man Si, Michael Backes, Yang Zhang, Ahmed Salem
USENIX Security Symposium | July 2023
-
UnGANable: Defending Against GAN-based Face Manipulation
Zheng Li, Ning Yu, Ahmed Salem, Michael Backes, Mario Fritz, Yang Zhang
USENIX Security Symposium | July 2023
-
Analyzing Leakage of Personally Identifiable Information in Language Models
Nils Lukas, Ahmed Salem, Robert Sim, Shruti Tople, Lukas Wutschitz, Santiago Zanella-Béguelin
2023 IEEE Symposium on Security and Privacy | May 2023
-
SoK: Let the Privacy Games Begin! A Unified Treatment of Data Inference Privacy in Machine Learning
Ahmed Salem, Giovanni Cherubin, David Evans, Boris Köpf, Andrew Paverd, Anshuman Suri, Shruti Tople, Santiago Zanella-Béguelin
2023 IEEE Symposium on Security and Privacy | May 2023
-
-
-
MetaBackdoor: Exploiting Positional Encoding as a Backdoor Attack Surface in LLMs
Rui Wen, Mark Russinovich, Andrew Paverd, Jun Sakuma, Ahmed Salem
May 2026
-
Advanced Microstructural Engineering of Gas Diffusion Layers for Synergistic Electrochemical Performance and Durability
Sa′ed Alrwashdeh, Ahmed Salem
HighTech and Innovation Journal | March 2026, Vol 7(1)
-
Permissive Information-Flow Analysis for Large Language Models
Shoaib Ahmed Siddiqui, Radhika Gaonkar, Boris Köpf, David Krueger, Andrew Paverd, Ahmed Salem, Shruti Tople, Lukas Wutschitz, Menglin Xia, Santiago Zanella-Béguelin
Transactions on Machine Learning Research (TMLR) | October 2025
-
Securing AI Agents with Information-Flow Control
Manuel Costa, Boris Köpf, Aashish Kolluri, Andrew Paverd, Mark Russinovich, Ahmed Salem, Shruti Tople, Lukas Wutschitz, Santiago Zanella-Béguelin
May 2025
-
Dataset and Lessons Learned from the 2024 SaTML LLM Capture-the-Flag Competition
Edoardo Debenedetti, Javier Rando, Daniel Paleka, Fineas Silaghi, Dragos Albastroiu, Niv Cohen, Yuval Lemberg, Reshmi Ghosh, Ahmed Salem, Rui Wen, Giovanni Cherubin, Santiago Zanella-Béguelin, Robin Schmid, Victor Klemm, Takahiro Miki, Chenhao Li, Stefan Kraft, Mario Fritz, Florian Tramer, Sahar Abdelnabi, Lea Schönherr
NeurIPS 2024 | June 2024
-
Two-in-One: A Model Hijacking Attack Against Text Generation Models
Wai Man Si, Michael Backes, Yang Zhang, Ahmed Salem
USENIX Security Symposium | July 2023
-
UnGANable: Defending Against GAN-based Face Manipulation
Zheng Li, Ning Yu, Ahmed Salem, Michael Backes, Mario Fritz, Yang Zhang
USENIX Security Symposium | July 2023
-
Bayesian Estimation of Differential Privacy
Santiago Zanella-Béguelin, Lukas Wutschitz, Shruti Tople, Ahmed Salem, Victor Ruehle, Andrew Paverd, Mohammad Naseri, Boris Köpf, Daniel Jones
2023 International Conference on Machine Learning | July 2023
Rédacteur(s) en chef: Barbara Engelhardt, Emma Brunskill, Kyunghyun Cho
-
Analyzing Leakage of Personally Identifiable Information in Language Models
Nils Lukas, Ahmed Salem, Robert Sim, Shruti Tople, Lukas Wutschitz, Santiago Zanella-Béguelin
2023 IEEE Symposium on Security and Privacy | May 2023
-
SoK: Let the Privacy Games Begin! A Unified Treatment of Data Inference Privacy in Machine Learning
Ahmed Salem, Giovanni Cherubin, David Evans, Boris Köpf, Andrew Paverd, Anshuman Suri, Shruti Tople, Santiago Zanella-Béguelin
2023 IEEE Symposium on Security and Privacy | May 2023
-
-
-
Exergy-based pore-network optimization of gas diffusion layers for enhanced efficiency in proton exchange membrane fuel cells
Sa′ed Rawashdea, M. Almajali, Ahmed Salem, Akram E. Zeid, Nathan Kawansson, D. Paterson
ScienceDirect | April 2026
-
-
-
Exergy-based pore-network optimization of gas diffusion layers for enhanced efficiency in proton exchange membrane fuel cells
Sa′ed Rawashdea, M. Almajali, Ahmed Salem, Akram E. Zeid, Nathan Kawansson, D. Paterson
ScienceDirect | April 2026
-
-
-
Do LLMs Comply Differently During Tests? And Can We Steer That?
Sahar Abdelnabi, Ahmed Salem
NeurIPS 2025 | October 2025
-
Permissive Information-Flow Analysis for Large Language Models
Shoaib Ahmed Siddiqui, Radhika Gaonkar, Boris Köpf, David Krueger, Andrew Paverd, Ahmed Salem, Shruti Tople, Lukas Wutschitz, Menglin Xia, Santiago Zanella-Béguelin
Transactions on Machine Learning Research (TMLR) | October 2025
-
Securing AI Agents with Information-Flow Control
Manuel Costa, Boris Köpf, Aashish Kolluri, Andrew Paverd, Mark Russinovich, Ahmed Salem, Shruti Tople, Lukas Wutschitz, Santiago Zanella-Béguelin
May 2025
-
Hey, That’s My Model! Introducing Chain & Hash, An LLM Fingerprinting Technique
Mark Russinovich, Ahmed Salem, Yanan Cai
ICLR 2026 | July 2024
-
Dataset and Lessons Learned from the 2024 SaTML LLM Capture-the-Flag Competition
Edoardo Debenedetti, Javier Rando, Daniel Paleka, Fineas Silaghi, Dragos Albastroiu, Niv Cohen, Yuval Lemberg, Reshmi Ghosh, Ahmed Salem, Rui Wen, Giovanni Cherubin, Santiago Zanella-Béguelin, Robin Schmid, Victor Klemm, Takahiro Miki, Chenhao Li, Stefan Kraft, Mario Fritz, Florian Tramer, Sahar Abdelnabi, Lea Schönherr
NeurIPS 2024 | June 2024
-
Two-in-One: A Model Hijacking Attack Against Text Generation Models
Wai Man Si, Michael Backes, Yang Zhang, Ahmed Salem
USENIX Security Symposium | July 2023
-
UnGANable: Defending Against GAN-based Face Manipulation
Zheng Li, Ning Yu, Ahmed Salem, Michael Backes, Mario Fritz, Yang Zhang
USENIX Security Symposium | July 2023
-
Bayesian Estimation of Differential Privacy
Santiago Zanella-Béguelin, Lukas Wutschitz, Shruti Tople, Ahmed Salem, Victor Ruehle, Andrew Paverd, Mohammad Naseri, Boris Köpf, Daniel Jones
2023 International Conference on Machine Learning | July 2023
Rédacteur(s) en chef: Barbara Engelhardt, Emma Brunskill, Kyunghyun Cho
-
Analyzing Leakage of Personally Identifiable Information in Language Models
Nils Lukas, Ahmed Salem, Robert Sim, Shruti Tople, Lukas Wutschitz, Santiago Zanella-Béguelin
2023 IEEE Symposium on Security and Privacy | May 2023
-
SoK: Let the Privacy Games Begin! A Unified Treatment of Data Inference Privacy in Machine Learning
Ahmed Salem, Giovanni Cherubin, David Evans, Boris Köpf, Andrew Paverd, Anshuman Suri, Shruti Tople, Santiago Zanella-Béguelin
2023 IEEE Symposium on Security and Privacy | May 2023
-
-
-
MetaBackdoor: Exploiting Positional Encoding as a Backdoor Attack Surface in LLMs
Rui Wen, Mark Russinovich, Andrew Paverd, Jun Sakuma, Ahmed Salem
May 2026
-
Securing AI Agents with Information-Flow Control
Manuel Costa, Boris Köpf, Aashish Kolluri, Andrew Paverd, Mark Russinovich, Ahmed Salem, Shruti Tople, Lukas Wutschitz, Santiago Zanella-Béguelin
May 2025
-
-
-
Exergy-based pore-network optimization of gas diffusion layers for enhanced efficiency in proton exchange membrane fuel cells
Sa′ed Rawashdea, M. Almajali, Ahmed Salem, Akram E. Zeid, Nathan Kawansson, D. Paterson
ScienceDirect | April 2026
-
Advanced Microstructural Engineering of Gas Diffusion Layers for Synergistic Electrochemical Performance and Durability
Sa′ed Alrwashdeh, Ahmed Salem
HighTech and Innovation Journal | March 2026, Vol 7(1)
-
Permissive Information-Flow Analysis for Large Language Models
Shoaib Ahmed Siddiqui, Radhika Gaonkar, Boris Köpf, David Krueger, Andrew Paverd, Ahmed Salem, Shruti Tople, Lukas Wutschitz, Menglin Xia, Santiago Zanella-Béguelin
Transactions on Machine Learning Research (TMLR) | October 2025
-
-
-
Do LLMs Comply Differently During Tests? And Can We Steer That?
Sahar Abdelnabi, Ahmed Salem
NeurIPS 2025 | October 2025
-
Hey, That’s My Model! Introducing Chain & Hash, An LLM Fingerprinting Technique
Mark Russinovich, Ahmed Salem, Yanan Cai
ICLR 2026 | July 2024
-
Dataset and Lessons Learned from the 2024 SaTML LLM Capture-the-Flag Competition
Edoardo Debenedetti, Javier Rando, Daniel Paleka, Fineas Silaghi, Dragos Albastroiu, Niv Cohen, Yuval Lemberg, Reshmi Ghosh, Ahmed Salem, Rui Wen, Giovanni Cherubin, Santiago Zanella-Béguelin, Robin Schmid, Victor Klemm, Takahiro Miki, Chenhao Li, Stefan Kraft, Mario Fritz, Florian Tramer, Sahar Abdelnabi, Lea Schönherr
NeurIPS 2024 | June 2024
-
Two-in-One: A Model Hijacking Attack Against Text Generation Models
Wai Man Si, Michael Backes, Yang Zhang, Ahmed Salem
USENIX Security Symposium | July 2023
-
UnGANable: Defending Against GAN-based Face Manipulation
Zheng Li, Ning Yu, Ahmed Salem, Michael Backes, Mario Fritz, Yang Zhang
USENIX Security Symposium | July 2023
-
Bayesian Estimation of Differential Privacy
Santiago Zanella-Béguelin, Lukas Wutschitz, Shruti Tople, Ahmed Salem, Victor Ruehle, Andrew Paverd, Mohammad Naseri, Boris Köpf, Daniel Jones
2023 International Conference on Machine Learning | July 2023
Rédacteur(s) en chef: Barbara Engelhardt, Emma Brunskill, Kyunghyun Cho
-
Analyzing Leakage of Personally Identifiable Information in Language Models
Nils Lukas, Ahmed Salem, Robert Sim, Shruti Tople, Lukas Wutschitz, Santiago Zanella-Béguelin
2023 IEEE Symposium on Security and Privacy | May 2023
-
SoK: Let the Privacy Games Begin! A Unified Treatment of Data Inference Privacy in Machine Learning
Ahmed Salem, Giovanni Cherubin, David Evans, Boris Köpf, Andrew Paverd, Anshuman Suri, Shruti Tople, Santiago Zanella-Béguelin
2023 IEEE Symposium on Security and Privacy | May 2023
-