I lead research on AI security and trustworthy machine learning, with a focus on adversarial attacks and defenses, robustness under deployment constraints, and secure perception systems. My work bridges theory, system-level design, and real-world evaluation, targeting vision, autonomous, embedded, and multimodal AI systems.


🔥 News

  • 2026.05: I’ve received a Silver Reviewer Award from ICML 2026
  • 2026.01: 🎉 2 papers accepted at ICLR 2026
  • 2025.11: 🎉 1 paper accepted at DATE 2026
  • 2025.10: I’ve been selected as Top Reviewer at NeurIPS 2025
  • 2025.06: 🎉 1 paper accepted at ICCV 2025
  • 2024.06: 🎉 1 paper accepted at IROS 2024
  • 2024.06: 🎉 3 papers accepted at ICIP 2024
  • 2024.02: 🎉 1 paper accepted at CVPR 2024
  • 2024.02: 🎉 1 paper accepted at DAC 2024

Research Overview

My research aims to advance the security, robustness, and trustworthiness of machine learning systems under adversarial threats and realistic deployment constraints. I study how architecture choices, quantization and approximation, physical-world effects, and multimodal interactions shape both vulnerabilities and defenses.

I work on the following research topics:

  • Adversarial Machine Learning and Robust Optimization
  • Security of Autonomous and Embodied AI Systems
  • Deployment-Aware and Edge AI Security
  • Explainability and Interpretability for Robustness
  • Security, Jailbreaks and Hallucination in Large Language and Vision–Language Models
  • Privacy and Robustness of Multimodal AI Agents

Selected Research Projects

Below are representative research projects spanning adversarial machine learning, robustness, and secure AI systems.


Shows that adversarial robustness can be achieved by breaking gradient consensus rather than masking gradients, introducing stochastic filter ensembles that induce controlled divergence across model responses and remain effective under adaptive attacks.

Reveals that adversarial patch transferability in quantized models is driven by hidden structural consistency across bit-widths, and proposes mechanisms to explicitly disrupt this alignment at both feature and gradient levels.

Demonstrates that hallucination in vision-language models is driven by representational gaps rather than object absence, and introduces Background-Consistent Re-encoding to enforce continuity and prevent hallucinated content.

ArXiv 2025: TESSER: Transfer-Enhancing Adversarial Attacks from Vision Transformers

Authors: Amira Guesmi, Bassem Ouni, Muhammad Shafique

Establishes that adversarial transferability depends on preserving shared spectral and semantic structures, and introduces a framework that explicitly enforces this alignment to improve cross-model attack generalization.

ICCV 2025: ODDR: Outlier Detection & Dimension Reduction Based Defense Against Adversarial Patches

Authors: Nandish Chattopadhyay*, Amira Guesmi*, Muhammad Abdullah Hanif, Bassem Ouni, Muhammad Shafique

Frames adversarial patches as feature-space outliers, and introduces a dimension reduction framework that suppresses their influence by removing structurally inconsistent features while preserving clean model behavior.

CVPR 2024: DAP: A Dynamic Adversarial Patch for Evading Person Detectors

Authors: Amira Guesmi, Ruitian Ding, Muhammad Abdullah Hanif, Ihsen Alouani, Muhammad Shafique

Develops a dynamic adversarial patch framework for wearable, printable T-shirt attacks that hides a person from smart surveillance systems under real-world pose changes, fabric deformation, and other physical deployment variations.

IROS 2024: SSAP: A Shape-Sensitive Adversarial Patch for Monocular Depth Estimation

Authors: Amira Guesmi, Muhammad Abdullah Hanif, Ihsen Alouani, Bassem Ouni, Muhammad Shafique

Introduces a shape-sensitive adversarial patch framework that extends attack impact from localized regions to full-object disruption, enabling stronger and more comprehensive degradation of depth estimation in autonomous perception systems.

💼 Experience

Oct 2022 – Present: Research Team Lead, Engineering Division, New York University Abu Dhabi (NYUAD), UAE

Nov 2021 – Aug 2022: Postdoctoral Researcher, IEMN-DOAE Laboratory, CNRS-8520, Polytechnic University Hauts-de-France, France


📖 Education

Mar 2018 – Oct 2021: Ph.D. in Computer Systems Engineering, National School of Engineers of Sfax (ENIS), Tunisia

Sep 2013 – Jun 2016: Engineer Degree in Computer Science & Electrical Engineering, National School of Engineers of Sfax (ENIS), Tunisia


πŸ† Awards & Honors

  • Silver Reviewer Award, ICML 2026.
  • Top Reviewer Award, NeurIPS 2025.
  • Best Senior Researcher Award, eBRAIN Lab, NYUAD, 2023.
  • Erasmus+ Scholarship, France, 2019.
  • DAAD Scholarship: Advanced Technologies based on IoT (ATIoT), Germany, 2018.
  • DAAD Scholarship: Young ESEM Program (Embedded Systems for Energy Management), Germany, 2016.

πŸ§‘β€πŸ« Academic Service & Community

  • Conference Reviewer: ICML, ICLR, NeurIPS, ICCV, CVPR, AAAI, ECCV, DAC
  • Journal Reviewer: IEEE TIFS, TCSVT, TCAD, Access
  • Organizer & Speaker: Tutorial: ML Security in Autonomous Systems, IROS 2024

  • Email: ag9321@nyu.edu

I am always open to collaborations on AI security, adversarial robustness, and trustworthy ML systems.