lea

 

Lea Schönherr

Faculty

I am a tenure-track faculty at CISPA Helmholtz Center for Information Security since 2022. I received my PhD in 2021 from Ruhr University Bochum, Germany, in the DFG Cluster of Excellence “Cyber Security in the Age of Large-Scale Adversaries“ (CASA). My research interests lie in the area of system-level adversarial machine learning and trustworthy generative AI. After my PhD I was visiting researcher at the University of California, Berkeley, and the University of Chicago.

 

In my Dormant Neurons research group our vision is to build secure, safe, and fair AI that people can trust.

 

Our work includes research on attacks and defenses for AI including LLM, multimodal systems, speech recognition systems, and generative models, as well as methods to prevent the misuse of generative AI. This includes robust feature analysis and studying human factors involved in recognizing generated media. In addition, we investigate code-generating models, focusing on understanding the strengths and limitations of automated systems. For more information on our research, please also see the Dormant Neurons group website.

 

During my Ph.D., I was advised by Prof. Dr.-Ing. Dorothea Kolossa at the Cognitive Signal Processing group at Ruhr University Bochum (RUB), Germany. I also received two scholarships from UbiCrypt (DFG Research Training Group) and CASA (DFG Cluster of Excellence).

  ·     ·  

2021isca

Can We Trust Generative AI? Understanding and Mitigating Security Threats in Today’s Machine Learning Systems
UCT-CISPA Summer School, Cape Town, South Africa 2026

Generative AI (genAI) is becoming more integrated into our daily lives, raising questions about potential threats within these systems and their outputs. In this talk, we will examine the security challenges and threats associated with generative AI. This includes the deception of humans with generated media and the deception of machine learning systems. In the first part of the talk, we look at threat scenarios in which generative models are utilized to produce content that is impossible to distinguish from human-generated content. This fake content is often used for fraudulent and manipulative purposes. As generative models evolve, the attacks are easier to automate and require less expertise, while detecting such activities will become increasingly difficult. This talk will provide an overview of our current challenges in detecting fake media in human and machine interactions and the effects of genAI media labeling to consumers trust. The second part will cover exploits of LLMs to disrupt alignment or to steal sensitive information. Existing attacks show that content filters of LLMs can be easily bypassed with specific inputs and that private information can be leaked. From an alternative perspective, we demonstrate that obfuscating prompts offers an effective way to protect intellectual property. Our research demonstrates that with minimal overhead, we can maintain similar utility while safeguarding confidential data, highlighting that defenses in foundation models may require fundamentally different approaches to utilize their inherent strengths.