Somesh Jha
someshjha.bsky.social
I am a professor in the computer sciences at UW-Madison. My technical interests are in trustworthy ML, formal methods, and security.
My other interests are Indian classical music, mindfulness, tennis, and pickleball.
Congrats. The work looks cool!
October 16, 2025 at 4:28 PM
Gorgeous. Where is it?
August 2, 2025 at 5:10 PM
Looks great! What are you making? I can start driving from Madison now. :-)
August 2, 2025 at 5:09 PM
In this work, we formally characterize the KAD scheme and uncover a structural vulnerability in its design that invalidates some core security principles.
We design a methodical adaptive attack, DataFlip, to exploit this fundamental weakness. Read about the details at arxiv.org/abs/2507.05630
How Not to Detect Prompt Injections with an LLM
LLM-integrated applications and agents are vulnerable to prompt injection attacks, in which adversaries embed malicious instructions within seemingly benign user inputs to manipulate the LLM's intende...
arxiv.org
July 21, 2025 at 3:25 AM
Recent defenses based on known-answer detection (KAD) have achieved near-perfect performance by using an LLM to classify inputs as clean or contaminated.
July 21, 2025 at 3:25 AM
The team is extremely open to working with other industrial and academic teams. Please reach out if you want to collaborate with our team.
July 16, 2025 at 12:57 PM
Air filters are not that expensive. I think even with the price increase you can afford it :-)
April 24, 2025 at 5:30 PM
Co-organized with @earlence.bsky.social @mihaichr.bsky.social Khawaja Shams (Google) and John Mitchell (Stanford).

Details can be found at: sites.google.com/corp/ucsd.ed...
SAGAI'25 @ IEEE S&P
Goal: The workshop will investigate the safety, security, and privacy of GenAI agents from a system design perspective. We believe that this new category of important and critical system components req...
sites.google.com
March 31, 2025 at 7:32 PM
Looks great! What is in it? Tofu?
March 25, 2025 at 9:14 PM
These kinds of comparisons are not very useful. Everyone should be charting their own course!
March 24, 2025 at 3:24 PM
* removes reliance on public datasets, which was assumed in many existing integrity checks.
March 18, 2025 at 10:07 PM
* enables advanced integrity checks, such as cross-client validation accuracy, which were impossible in prior secure FL approaches. We show these checks are effective under model poisoning attacks and client data distribution shifts.
March 18, 2025 at 10:06 PM