sshussain.me

HTML metadata

Title

Suha Sabi Hussain

Description

I'm an engineer based in Brooklyn. I work on AI/ML product security and research at Harvey. You can contact me at suhashussain1 ‘at’ gmail ‘dot’ com or @suhackerr on Twitter. Disclaimer: The views and opinions expressed on this website are solely my own and do not reflect the views, policies, or positions of my employer or any organization I am or was affiliated with. Select Works Harvey How Harvey Secures Embeddings at Scale (Blog Post) Trail of Bits Weaponizing Image Scaling Against Production AI Systems <ul> <li>Blog Post</li> <li>GitHub Repository </li> <li>Covered by The Register, Risky Business, HackRead, BGR, etc.</li> <li>Black Hat Europe, BSides Berlin, Best Multimodal Build at AI Tinkerers NYC Demopalooza, Insecure Agents (Presented by Kikimora Morozova)</li> </ul> Hijacking Multi-agent Systems in Your PajaMAS <ul> <li>Blog Post</li> <li>GitHub Repository </li> </ul> Incubated Machine Learning Exploits: Backdooring ML Pipelines Using Input-Handling Bugs <ul> <li>DEFCON 32 (Slides)</li> <li>HOPE XV</li> <li>BSides Las Vegas</li> <li>Invited Talk for the NVIDIA Security Team</li> </ul> Lightweight Design Review of the 6079 Proof-of-Inference Protocol (Public Report) Meta WhatsApp Private Processing Security Assessment (Public Report) EZKL Security Assessment (Public Report) Sleepy Pickle: Hybrid ML Exploit Chaining Pickle Insecurity and Model Backdoors <ul> <li>Note: Contributor to the initial Sleepy Pickle PoC</li> <li>Blog post</li> </ul> Relishing New Fickling Features for Securing ML Systems <ul> <li>Blog Post</li> <li>GitHub Repository</li> </ul> ML File Formats Collection (GitHub Repository) MLFiles - Using Input-Handling Bugs to Inject Backdoors Into Machine Learning Pipelines <ul> <li>UCSC LSD Seminar Talk</li> <li>Undergraduate Thesis</li> </ul> Assessing the Security Posture of a Widely Used Vision Model: YOLOv7 <ul> <li>Blog Post</li> <li>Public Report </li> </ul> Safetensors Security Assessment <ul> <li>Public Report</li> <li>Context </li> </ul> Secure Your Machine Learning with Semgrep <ul> <li>Blog Post</li> <li>GitHub Repository </li> </ul> DEF CON 30 AI Village: Panel: The Use of AI/ML in Offensive Security Operations. ToB Podcast Episode: W/Internships ZCoin Lelantus Security Assessment (Public Report) Never a Dill Moment: Exploiting Machine Learning Pickle Files <ul> <li>DEFCON 29 AI Village Talk</li> <li>Blog Post</li> <li>GitHub Repository</li> </ul> PrivacyRaven: Comprehensive Privacy Testing for Deep Learning <ul> <li>OpenMined Privacy Conference Talk</li> <li>Empire Hacking Talk</li> <li>Blog Post</li> <li>GitHub Repository</li> </ul> RoboJackets Multiclass Semantic Segmentation for Autonomous Vehicle Perception NYU CCS COPPTCHA: COPPA Tracking by Checking Hardware-Level Activity <ul> <li>IEEE Transactions on Information Forensics and Security (Paper)</li> <li>Invited Talk for the NSA Board of Directors</li> </ul> A New Method for the Exploitation of Speech Recognition Systems <ul> <li>Invited Talk for the NSA Research Directorate</li> <li>Computational Cybersecurity for Compromised Environments Workshop</li> </ul>

Feeds

RSS RSS

Technology

Server: gunicorn

Third-party hosts loaded (1)

suhacker.ai×1

Social

DNS records live

NS

pedro.ns.cloudflare.com
princess.ns.cloudflare.com

MX

10 eforward1.registrar-servers.com
10 eforward2.registrar-servers.com
10 eforward3.registrar-servers.com
15 eforward4.registrar-servers.com
20 eforward5.registrar-servers.com

TXT

v=spf1 include:spf.efwd.registrar-servers.com ~all

Certificate (current)

WE1

from 2026-03-24 to 2026-06-22

Expires in 34 days

Full certificate history on crt.sh ↗

Links to (16)

Linked from (1)

rys.io×2