I work on robustness and security of AI systems, with a focus on how models behave outside controlled settings.

My research spans adversarial machine learning, computer vision, and system-level aspects of AI, including quantization, approximate computing, and real-world deployment constraints. I’m particularly interested in understanding why failures persist across models, tasks, and environments, and what this reveals about how modern AI systems operate.

Across different projects, I study how structure is shared between models — in gradients, feature representations, or higher-level semantics — and how this can make systems both effective and vulnerable. This perspective connects work on adversarial transferability, robustness under quantization, physical-world attacks, and more recently, multimodal models.

Rather than treating these as separate problems, I approach them through a common lens: understanding what carries across systems, and how it can either be leveraged or disrupted.

This has led to work on:

  • improving and analyzing adversarial transferability across architectures and settings
  • designing defenses that remain effective under quantization and hardware constraints
  • studying robustness in physical-world scenarios (e.g., viewpoint, lighting, distance)
  • investigating failure modes in vision-language models, including hallucination, jailbreaking, and inconsistency

More broadly, my goal is to contribute to AI systems that are reliable, interpretable, and robust under real-world conditions, not just optimized for benchmark performance.

🔥 News

  • 2026.05: I’ve received a Silver Reviewer Award from ICML 2026
  • 2026.01: 🎉 2 papers accepted at ICLR 2026
  • 2025.11: 🎉 1 paper accepted at DATE 2026
  • 2025.10: I’ve been selected as Top Reviewer at NeurIPS 2025
  • 2025.06: 🎉 1 paper accepted at ICCV 2025
  • 2024.06: 🎉 1 paper accepted at IROS 2024
  • 2024.06: 🎉 3 papers accepted at ICIP 2024
  • 2024.02: 🎉 1 paper accepted at CVPR 2024
  • 2024.02: 🎉 1 paper accepted at DAC 2024

Research Overview

I work at the intersection of machine learning, systems, and real-world AI deployment. My research spans:

  • Adversarial robustness and transferability: Understanding how and why adversarial effects persist across models, architectures, and settings
  • Robustness under quantization and approximate computing: Studying how hardware constraints reshape both vulnerabilities and defenses
  • Physical-world AI security: Designing and evaluating attacks and defenses under real-world conditions (pose, lighting, distance)
  • Multimodal and vision–language model security: Investigating hallucination, jailbreaking, inconsistency, and robustness in multimodal systems

Selected Research Projects

Below are representative research projects spanning adversarial machine learning, robustness, and secure AI systems.


Identifies gradient consensus as a key source of adversarial vulnerability, where different transformations still produce aligned attack directions. Proposes stochastic filter ensembles to enforce gradient divergence and improve robustness.

Reveals that adversarial patch transferability across quantized models is driven by hidden cross-bit alignment in gradients and feature structure. Introduces a training framework that explicitly disrupts this alignment to prevent transfer.

Shows that suppression-based attacks in vision-language models create representational discontinuities that lead to hallucination. Introduces a re-encoding strategy that restores consistency between regions and prevents these failures.

ArXiv 2025: TESSER: Transfer-Enhancing Adversarial Attacks from Vision Transformers

Authors: Amira Guesmi, Bassem Ouni, Muhammad Shafique

Shows that adversarial transferability can be strengthened by preserving spectral and semantic structure across models. Introduces regularization techniques that stabilize these shared components to improve black-box attack effectiveness.

ICCV 2025: ODDR: Outlier Detection & Dimension Reduction Based Defense Against Adversarial Patches

Authors: Nandish Chattopadhyay*, Amira Guesmi*, Muhammad Abdullah Hanif, Bassem Ouni, Muhammad Shafique (* equal contribution)

Frames adversarial patches as structured outliers in feature space rather than random perturbations. Combines outlier detection and dimensionality reduction to localize and neutralize patch-induced distortions.

CVPR 2024: DAP: A Dynamic Adversarial Patch for Evading Person Detectors

Authors: Amira Guesmi, Ruitian Ding, Muhammad Abdullah Hanif, Ihsen Alouani, Muhammad Shafique

Demonstrates that physically robust adversarial patches require adaptation to real-world transformations such as pose and deformation. Introduces a dynamic patch generation framework that maintains effectiveness under these conditions.

IROS 2024: SSAP: A Shape-Sensitive Adversarial Patch for Monocular Depth Estimation

Authors: Amira Guesmi, Muhammad Abdullah Hanif, Ihsen Alouani, Bassem Ouni, Muhammad Shafique

Shows that adversarial patches can manipulate geometric perception at the object level, affecting global depth estimation rather than localized regions. Proposes shape-aware perturbations that alter scene understanding.

ASPLOS 2021: Defensive Approximation: Securing CNNs Using Approximate Computing

Authors: Amira Guesmi, Ihsen Alouani, Khaled N Khasawneh, Mouna Baklouti, Tarek Frikha, Mohamed Abid, Nael Abu-Ghazaleh

Reframes approximate computing from a hardware constraint into a mechanism for disrupting adversarial optimization, where reduced precision and stochasticity weaken the reliability of attack gradients.

💼 Experience

Oct 2022 – Present: Research Team Lead, Engineering Division, New York University Abu Dhabi (NYUAD), UAE

Nov 2021 – Aug 2022: Postdoctoral Researcher, IEMN-DOAE Laboratory, CNRS-8520, Polytechnic University Hauts-de-France, France


📖 Education

Mar 2018 – Oct 2021: Ph.D. in Computer Systems Engineering, National School of Engineers of Sfax (ENIS), Tunisia

Sep 2013 – Jun 2016: Engineer Degree in Computer Science & Electrical Engineering, National School of Engineers of Sfax (ENIS), Tunisia


🏆 Awards & Honors

  • Silver Reviewer Award, ICML 2026.
  • Top Reviewer Award, NeurIPS 2025.
  • Best Senior Researcher Award, eBRAIN Lab, NYUAD, 2023.
  • Erasmus+ Scholarship, France, 2019.
  • DAAD Scholarship: Advanced Technologies based on IoT (ATIoT), Germany, 2018.
  • DAAD Scholarship: Young ESEM Program (Embedded Systems for Energy Management), Germany, 2016.

🧑‍🏫 Academic Service & Community

  • Conference Reviewer: ICML, ICLR, NeurIPS, ICCV, CVPR, AAAI, ECCV, DAC
  • Journal Reviewer: IEEE TIFS, TCSVT, TCAD, Access
  • Organizer & Speaker: Tutorial on ML Security in Autonomous Systems, IROS 2024
  • Email: ag9321@nyu.edu

I am always open to collaborations on AI security, adversarial robustness, and trustworthy ML systems.