suhacker.ai

.ai crawl

First seen 2026-04-13 · Last seen 2026-05-01 · ok HTTP/1.1 200 290 ms crawled 2026-05-06

FI · 95.217.30.133 · AS24940 Hetzner Online GmbH

Reputation 100/100

sector tech type homepage

HTML metadata

Title
Suha Sabi Hussain
Description
I'm an engineer based in Brooklyn. I work on AI/ML product security and research at Harvey. You can contact me at suhashussain1 ‘at’ gmail ‘dot’ com or @suhackerr on Twitter.
Disclaimer: The views and opinions expressed on this website are solely my own and do not reflect the views, policies, or positions of my employer or any organization I am or was affiliated with.
Select Works
Harvey
How Harvey Secures Embeddings at Scale (Blog Post)
Trail of Bits
Weaponizing Image Scaling Against Production AI Systems
  • Blog Post
  • GitHub Repository
  • Covered by The Register, Risky Business, HackRead, BGR, etc.
  • Black Hat Europe, BSides Berlin, Best Multimodal Build at AI Tinkerers NYC Demopalooza, Insecure Agents (Presented by Kikimora Morozova)
Hijacking Multi-agent Systems in Your PajaMAS
  • Blog Post
  • GitHub Repository
Incubated Machine Learning Exploits: Backdooring ML Pipelines Using Input-Handling Bugs
  • DEFCON 32 (Slides)
  • HOPE XV
  • BSides Las Vegas
  • Invited Talk for the NVIDIA Security Team
Lightweight Design Review of the 6079 Proof-of-Inference Protocol (Public Report)
Meta WhatsApp Private Processing Security Assessment (Public Report)
EZKL Security Assessment (Public Report)
Sleepy Pickle: Hybrid ML Exploit Chaining Pickle Insecurity and Model Backdoors
  • Note: Contributor to the initial Sleepy Pickle PoC
  • Blog post
Relishing New Fickling Features for Securing ML Systems
  • Blog Post
  • GitHub Repository
ML File Formats Collection (GitHub Repository)
MLFiles - Using Input-Handling Bugs to Inject Backdoors Into Machine Learning Pipelines
  • UCSC LSD Seminar Talk
  • Undergraduate Thesis
Assessing the Security Posture of a Widely Used Vision Model: YOLOv7
  • Blog Post
  • Public Report
Safetensors Security Assessment
  • Public Report
  • Context
Secure Your Machine Learning with Semgrep
  • Blog Post
  • GitHub Repository
DEF CON 30 AI Village: Panel: The Use of AI/ML in Offensive Security Operations.
ToB Podcast Episode: W/Internships
ZCoin Lelantus Security Assessment (Public Report)
Never a Dill Moment: Exploiting Machine Learning Pickle Files
  • DEFCON 29 AI Village Talk
  • Blog Post
  • GitHub Repository
PrivacyRaven: Comprehensive Privacy Testing for Deep Learning
  • OpenMined Privacy Conference Talk
  • Empire Hacking Talk
  • Blog Post
  • GitHub Repository
RoboJackets
Multiclass Semantic Segmentation for Autonomous Vehicle Perception
NYU CCS
COPPTCHA: COPPA Tracking by Checking Hardware-Level Activity
  • IEEE Transactions on Information Forensics and Security (Paper)
  • Invited Talk for the NSA Board of Directors
A New Method for the Exploitation of Speech Recognition Systems
  • Invited Talk for the NSA Research Directorate
  • Computational Cybersecurity for Compromised Environments Workshop
Feeds

Technology

Server
gunicorn

Social

Registration

Registrar
GoDaddy.com, LLC
Created
2025-09-15
Expires
2027-09-15 484 days left
Updated
2025-11-30
Name servers
  • princess.ns.cloudflare.com
  • pedro.ns.cloudflare.com

DNS records live

NS
  • pedro.ns.cloudflare.com
  • princess.ns.cloudflare.com

Email authentication no MX

SPF
not published
DMARC
v=DMARC1; p=quarantine; adkim=r; aspf=r; rua=mailto:dmarc_rua@onsecureserver.net;
policy: quarantine
DKIM
no key found at common selectors

Certificate (current)

E8
from 2026-03-30 to 2026-06-28
Expires in 40 days

HTTP security headers

Header hygiene 55/100 Checked live page: https://suhacker.ai/

present
  • x-frame-options
  • x-content-type-options
  • referrer-policy
  • cross-origin-opener-policy
findings
  • missing HSTS
  • missing Content Security Policy
  • missing Permissions Policy
Header values
referrer-policy
same-origin
x-frame-options
DENY
x-content-type-options
nosniff
cross-origin-opener-policy
same-origin

Links to (15)

Linked from (1)