Publications

Edoardo Debenedetti, Jie Zhang, Mislav Balunović, Luca Beurer-Kellner, Marc Fischer, Florian Tramèr (2024). AgentDojo: A Dynamic Environment to Evaluate Attacks and Defenses for LLM Agents. NeurIPS D&B 2024.

PDF Cite Code Project

Edoardo Debenedetti, Javier Rando, Daniel Paleka, Silaghi Fineas Florin, Dragos Albastroiu, Niv Cohen, Yuval Lemberg, Reshmi Ghosh, Rui Wen, Ahmed Salem, Giovanni Cherubin, Santiago Zanella-Beguelin, Robin Schmid, Victor Klemm, Takahiro Miki, Chenhao Li, Stefan Kraft, Mario Fritz, Florian Tramèr, Sahar Abdelnabi, Lea Schönherr (2024). Dataset and Lessons Learned from the 2024 SaTML LLM Capture-the-Flag Competition. NeurIPS D&B 2024 (Spotlight).

PDF Cite Code Dataset Project

Patrick Chao, Edoardo Debenedetti, Alexander Robey, Maksym Andriushchenko, Francesco Croce, Vikash Sehwag, Edgar Dobriban, Nicolas Flammarion, George J. Pappas, Florian Tramèr, Hamed Hassani, Eric Wong (2024). JailbreakBench: An Open Robustness Benchmark for Jailbreaking Large Language Models. NeurIPS D&B 2024.

PDF Cite Code Dataset Project

Fredrik Nestaas, Edoardo Debenedetti, Florian Tramèr (2024). Adversarial Search Engine Optimization for Large Language Models. arXiv.

PDF Cite

Xiangyu Qi, Yangsibo Huang, Yi Zeng, Edoardo Debenedetti, Jonas Geiping, Luxi He, Kaixuan Huang, Udari Madhushani, Vikash Sehwag, Weijia Shi, Boyi Wei, Tinghao Xie, Danqi Chen, Pin-Yu Chen, Jeffrey Ding, Ruoxi Jia, Jiaqi Ma, Arvind Narayanan, Weijie J Su, Mengdi Wang, Chaowei Xiao, Bo Li, Dawn Song, Peter Henderson, Prateek Mittal (2024). AI Risk Management Should Incorporate Both Safety and Security. arXiv.

PDF Cite

Edoardo Debenedetti, Zishen Wan, Maksym Andriushchenko, Vikash Sehwag, Kshitij Bhardwaj, Bhavya Kailkhura (2024). Scaling Compute Is Not All You Need for Adversarial Robustness. ICLR 2024 R2FM Workshop.

PDF Cite Code

Edoardo Debenedetti, Nicholas Carlini, Florian Tramèr (2024). Evading Black-box Classifiers Without Breaking Eggs. IEEE SaTML 2024 (Distinguished Paper Runner-up).

PDF Cite Code Poster Slides Video

Edoardo Debenedetti, Giorgio Severi, Nicholas Carlini, Christopher A. Choquette-Choo, Matthew Jagielski, Milad Nasr, Eric Wallace, Florian Tramèr (2023). Privacy Side Channels in Machine Learning Systems. USENIX Security 2024.

PDF Cite

Edoardo Debenedetti, Vikash Sehwag, Prateek Mittal (2022). A Light Recipe to Train Robust Vision Transformers. IEEE SaTML 2023.

PDF Cite Code Poster Slides Video

Edoardo Debenedetti (2022). Adversarially Robust Vision Transformers. EPFL.

PDF Cite

Francesco Croce, Maksym Andriushchenko, Vikash Sehwag, Edoardo Debenedetti, Nicolas Flammarion, Mung Chiang, Prateek Mittal, Matthias Hein (2021). RobustBench: A standardized benchmark for adversarial robustness. NeurIPS 2021 Datasets and Benchmarks Track.

PDF Cite Code