I had the pleasure to give a talk, titled “Trustworthy Machine Learning in the era of Large Language Models”, at CENIA (Santiago, Chile) about our work at Parameter Lab.
I am the research lead at Parameter Lab in Tübingen, Germany. My research interests lie in trustworthy AI, including adversarial machine learning, privacy, alignment, and uncertainty.
I hold a PhD degree in computer science from the University of Luxembourg. My PhD thesis focuses on analyzing the transferability of adversarial examples from the surrogate weight space of DNNs. I am a data scientist who graduated from Ensae ParisTech and a statistician who graduated from Toulouse School of Economics.
PhD in Computer Science, 2023
University of Luxembourg, Luxembourg
Specialized Master in Data Science (w/ high honors), 2015
Ensae ParisTech, France
Master in Statistics and Econometrics (w/ highest honor), 2014
Toulouse School of Economics, France
Magistère in Economics and Statistics (w/ highest honor), 2014
Toulouse School of Economics and Paul Sabatier University, France
Bachelor in Economics and Mathematics, 2012
Toulouse School of Economics and Paul Sabatier University, France
I had the pleasure to give a talk, titled “Trustworthy Machine Learning in the era of Large Language Models”, at CENIA (Santiago, Chile) about our work at Parameter Lab.
Content of the cyberwal 2022 workshop on machine learning security in the real world.
FLOSS Contributions
Master: Erasmus Mundus Joint Master in Cybersecurity
The Erasmus Mundus Joint Master in cybersecurity (CYBERUS) at the University of Luxembourg. One session about adversarial examples against LLMs.
Master: Advanced topics in Applied Machine Learning
2nd year of Master in Computer Science. Two lectures, design and correction of the project, planning.
Project: Creation and evaluation of fill-in-the-blank notebooks (part 1 on preprocessing and part 3 on adversarial examples)
Master: Introduction to Machine Learning
2nd year of Master in Space Science. Six sessions, including four based on the Machine Learning Refined book and one based on the Applied Machine Learning course of Andreas C. Müller. Summary slides.
Master: Introduction to Machine Learning
2nd year of Master in Space Science. Two introductory lectures on Machine Learning. Slides.
Bachelor: Software engineering 2
3rd year of Bachelor in Computer Science. Four introductory lectures on Machine Learning Engineering. Course given online during lockdown. Quizzes on Moodle. Videos, Slides
I served as a (co)-reviewer for the following conferences and journals.
Other academic services
I organized and animated the weekly Machine Learning Reading Group at the SerVal group (University of Luxembourg) from February 2021 to August 2023.
Contributions to FLOSS Security
Vulnerabilities discovered:
CVE | Software | Type | Description/Impact | Links |
---|---|---|---|---|
CVE-2017-6877 | Lutim | Stored XSS | Exposed all images uploaded by the user and their encryption keys | issue |
CVE-2017-10975 | Lutim | Stored XSS | Idem. Hard to exploit in pratice | issue |
CVE-2017-1000051 | CryptPad | Stored XSS | Exposed encryption keys of user data | blog post |
TeleR | RCE | 3 Arbitrary Code Executions on their server | blog post soon | |
Turtl | Stored XSS | 3 XSS exposing encrypted data (incl. passwords) | ||
NCrypt | Stored XSS | issue | ||
not disclosed | Stored XSS | |||
not disclosed | Stored XSS | |||
Shaarli | Stored XSS | Markdown plugin | MR | |
not disclosed | Stored XSS | |||
Framaforms | Improper Access Control | Exposed URL of all users forms | No public record | |
Framaforms | Stored XSS | Exposed responses of user forms. Too permissive formats allowed to untrusted users | issue | |
Framaforms | Stored XSS | issue | ||
Framaslides | Stored XSS | Markdown not sanitized | commit | |
Framaslides | Stored XSS | Escape markdown link sanitization (marked lib not updated) | issue | |
Framaslides | Stored XSS | issue | ||
CVE-2017-11594 | Loomio | Stored XSS | Markdown not sanitized. Allows to cast users’ votes using their identity | commit, demo |
Loomio | Stored XSS | No restrictions to attached files (when served locally). Allows to cast users’ votes using their identity | demo | |
Framemo & Sandstorm’s Scrumblr | Stored XSS | Markdown not sanitized | issue, PR | |
Framemo & Sandstorm’s Scrumblr | Formula Injection | issue, MR | ||
CVE-2017-1000039 | Framadate | Formula Injection | issue, MR | |
not disclosed | Stored XSS | |||
CVE-2017-11593 | Markdown Preview Plus Chrome’s Extension | Stored XSS | Led its users vulnerable to XSS in a ton of websites, by converting text, markdown and rst files to HTML without sanitization | issue |
not disclosed | Stored XSS | |||
Wallabag 2 & Graby | Stored XSS | PR | ||
Kresus | Stored Self-XSS | Possible to leverage it by importing a malicious JSON | issue | |
Dolomon | Stored (Self)-XSS | Multiple XSS. Some can be leveraged using a CSRF issue | issue | |
Dolomon | Improper Access Control | Gave access to the URLs saved by all users | issue | |
Dolomon | Formula Injection | issue | ||
not disclosed | Stored XSS | |||
share-on-diaspora Wordpress Plugin | Reflected Client XSS | Fixed, but not discovered. | PR |