Briland Hitaj
Advanced Computer Scientist II
Computer Science Laboratory, SRI International
briland [dot] hitaj [at] sri [dot] com
hitaj [at] di [dot] uniroma1 [dot] it
I am an Advanced Computer Scientist at the Computer Science Laboratory (CSL) of SRI International.
Previously, I was a Visiting Research Scholar at the Department of Computer Science at Stevens Institute of Technology, working with Prof. Giuseppe Ateniese at the intersection of security, privacy and deep learning.
In October 2018, I earned my Ph.D. in Computer Science from the Department of Computer Science at Sapienza University of Rome. I consider myself lucky and honored to have been advised by and worked alongside Prof. Luigi V. Mancini and Prof. Giuseppe Ateniese.
My research interests include but are not limited to security, privacy, deep learning, uses of generative adversarial networks (GANs) in security- and privacy-related problems, (distributed) privacy-preserving machine learning, cyber-intelligent agents, and the application and incorporation of deep learning in the cyber-security domain.
Dorjan Hitaj, Giulio Pagnotta, Briland Hitaj, Luigi V. Mancini, Fernando Perez-Cruz
In this paper, we push the boundaries of current state-of-the-art by introducing MaleficNet, a technique that combines spread-spectrum channel coding with error correction techniques, injecting malicious payloads in the parameters of deep neural networks, all while causing no degradation to the model’s performance and successfully bypassing state-of-the-art detection and removal mechanisms.
Venue: ESORICS'22 [PDF]
Dorjan Hitaj, Giulio Pagnotta, Briland Hitaj, Fernando Perez-Cruz, Luigi V. Mancini
We introduce FedComm, a novel covert-communication technique that enables robust sharing and transfer of targeted payloads within the FL framework. Our extensive theoretical and empirical evaluations show that FedComm provides a stealthy communication channel, with minimal disruptions to the training process.
Venue: IEEE TDSC [PDF]
Briland Hitaj, Paolo Gasti, Giuseppe Ateniese, Fernando Perez-Cruz
In this paper, we introduce PassGAN, a novel approach that replaces human-generated password rules with theory-grounded machine learning algorithms. PassGAN autonomously learns the distribution of real passwords from actual password leaks, and generates high-quality password guesses without any a-priori knowledge on passwords or common password structures.
Venue: ACNS'19
SECML'18 (co-located with NeurIPS) [PDF] - no proceedings
One of the Coolest Hacks of 2017 -- DarkReading
Briland Hitaj, Giuseppe Ateniese, Fernando Perez-Cruz
We show that any privacy-preserving collaborative deep learning is susceptible to a powerful attack that we devise in this paper. The attack we developed exploits the real-time nature of the learning process that allows the adversary to train a Generative Adversarial Network (GAN) that generates prototypical samples of the targeted training set that was meant to be private.
Venue: ACM CCS'17 [PDF] [SLIDES] [PRESENTATION]
Best Ph.D Student Paper of the Year 2017 -- CS Department, Sapienza University of Rome
Giuseppe Ateniese, Briland Hitaj, Luigi V. Mancini, Nino V. Verde, Antonio Villani
In this paper, we propose a new adversary model for Location Based Services (LBSs). The model takes into account an unauthorized third party, different from the LBS provider itself, that wants to infer the location and monitor the movements of an LBS user. We show that such an adversary can extrapolate the position of a target user by just analyzing the size and the timing of the encrypted traffic exchanged between that user and the LBS provider.
A New Security Threat to AI Models: SRI research demonstrates how bad actors might encode undetectable malware inside complex deep neural networks [SRI International]
SRI chosen to deliver cyber-psychology informed network defense technology for IARPA [SRI International]
SRI researchers tap Large Language Models to improve password security [SRI International]
Privacy Attacks in Federated Learning [Responsible Technology Adoption Unit - UK Government (a collaboration between CDEI + NIST)]
PassGPT | Using language models to enhance password security [Swiss Data Science Center]
Can We Stop the AI Cyber Threat? [Malicious Life Podcast]
Is Generative AI Dangerous? [Malicious Life Podcast]
Meet PassGPT: An LLM Trained on Password Leaks for Password Generation [MarkTechPost]
Meet PassGPT, the AI Trained on Millions of Leaked Passwords [Decrypt]
No one is safe anymore, this AI is trained to guess your password [Level Up Coding - Medium]
Meet PassGPT, the AI Trained on Millions of Leaked Passwords [Yahoo! Finance]
Why 'Good AI' Is Likely The Antidote To The New Era of AI Cybercrime [Forbes]
As AI Becomes More Ever Capable, Will It End Up Helping, Or Hindering, the Hackers? [Forbes]
How GANs Can Cause a Privacy Breach in Federated Deep Learning [OpenMined]
Artificial Intelligence Gets Real [Stevens]
AI Could Make Cyberattacks More Dangerous, Harder to Detect [The Wall Street Journal]
Machine Learning for Cybercriminals 101 [Towards Data Science]
Why You Should Worry About This New AI-Powered Cyberattack [Stevens]
PassGAN: Cracking Passwords with Generative Adversarial Networks [SecurityIntelligence - IBM]
Using defensive AI to strip cyberattackers of their advantage [Venture Beat]
The Coolest Hacks of 2017 [Dark Reading]
How Machine Learning-powered Password Guessing Impacts Security [TechTarget - SearchSecurity]
What Artificial Intelligence means for Your Business' Password Strategy [LastPass blog]
2018 Cybersecurity Forecast: How Artificial Intelligence Can Help Hackers Breach Your Business Passwords [dashlane blog]
PassGAN: Password Cracking Using Machine Learning [Dark Reading]
Artificial Intelligence, Slayer of Passwords [Sensors Magazine]
Deep-Learning PassGAN Tool Improves Password Guessing [Threatpost]
AI slurps, learns millions of passwords to work out which one you may use next [The Register]
Researchers Show How A.I. is the End of Passwords as We Know Them [Inverse]
A Pair of AIs Have Become Very Good at Guessing Your Passwords [MIT Technology Review]
Artificial Intelligence just made guessing your password a whole lot easier [Science Magazine]
April 14th, 2025 - Our paper "A Case Study on the Use of Representativeness Bias as a Defense Against Adversarial Cyber Threats", a joint work with Grit Denker, Laura Tinnel, Michael McAnally, Nathan Bunting, Alex Fafard, Daniel Aaron, Richard D. Roberts, Bruce DeBruhl, Joshua Lawson, Greg McCain, and Dylan Starink was accepted at the 4th Workshop on Active Defense and Deception (AD&D), co-located with the 10th IEEE European Symposium on Security and Privacy (EuroSP 2025).
October 1st, 2024 - Our paper "TATTOOED: A Robust Deep Neural Network Watermarking Scheme based on Spread-Spectrum Channel Coding", a joint work with Giulio Pagnotta, Dorjan Hitaj, Fernando Perez-Cruz, and Luigi V. Mancini was accepted to appear at the 40th edition of the Annual Computer Security Applications Conference (ACSAC 2024).
March 28th, 2024 - I received a Spot Award from SRI International, in recognition of staff initiatives and ideas of an organizational impact that provide noticeable improvements.
March 25th, 2024 - I celebrated 5 years at SRI International.
October 5th, 2023 - I appeared on the recent episode of Malicious Life Podcast, titled "Can We Stop the AI Cyber Threat?" - https://podcasts.apple.com/us/podcast/can-we-stop-the-ai-cyber-threat/id1252417787?i=1000626701013
September 15th, 2023 - I received a Spot Award from SRI International, in recognition of individual or team efforts that support SRI's Core Values.
August 22, 2023 - I was invited to discuss MaleficNet in the recent episode of Malicious Life Podcast, titled "Is Generative AI Dangerous?" - https://podcasts.apple.com/us/podcast/malicious-life/id1252417787?i=1000625300252
August 14, 2023 - Our paper "PassGPT: Password Modeling and (Guided) Generation with Large Language Models", a joint work with Javier Rando and Fernando Perez-Cruz was accepted at the 28th European Symposium on Research in Computer Security (ESORICS 2023).
June 7, 2023 - Our paper "FedComm: Federated Learning as a Medium for Covert Communication", a joint work with Dorjan Hitaj, Giulio Pagnotta, Fernando Perez-Cruz, and Luigi V. Mancini was accepted to appear at the IEEE Transactions on Dependable and Secure Computing (TDSC) journal.
June 2, 2023 - A pre-print of our paper "PassGPT: Password Modeling and (Guided) Generation with Large Language Models", a joint work with Javi Rando and Fernando Perez-Cruz, is now online at https://arxiv.org/pdf/2306.01545.pdf
June 2, 2023 - Our paper "Critical Infrastructure Security Goes to Space: Leveraging Lessons Learned on the Ground – A Position Paper", a joint work with Tim Ellis, Ulf Lindqvist, Deborah Shands, Laura Tinnel, and Bruce DeBruhl was accepted to appear at the 2023 Accelerating Space Commerce, Exploration, and New Discovery (ASCEND) conference.
May 20, 2023 - 2 of our papers, namely "CoProver: A Recommender System for Proof Construction" and "An Augmented MetiTarski Dataset for Real Quantifier Elimination using Machine Learning", were accepted to appear at the 16th Conference on Intelligent Computer Mathematics (CICM'23), taking place in Cambridge, UK.
March 20, 2023 - A pre-print of our paper "Automatic Measures for Evaluating Generative Design Methods for Architects", a joint work with Eric Yeh, Vidyasagar Sadhu, Anirban Roy, Takuma Nakabayashi, and Yoshito Tsuji, is now online at https://arxiv.org/pdf/2303.11483.pdf.
March 11, 2023 - Our paper "Software Introspection for Signaling Social-Cyber Operations", a joint work with Huascar Sanchez, was accepted at the Design Automation for CPS and IoT workshop (DESTION 2023).
March 1, 2023 - A pre-print of our paper "CoProver: A Recommender System for Proof Construction", a joint work with Eric Yeh, Sam Owre, Maena Quemener, and Natarajan Shankar, is now online at https://arxiv.org/pdf/2304.10486.pdf.
February 28, 2023 - A pre-print of our paper "Revisiting Variable Ordering for Real Quantifier Elimination using Machine Learning", a joint work with John Hester, Grant Passmore, Sam Owre, Natarajan Shankar, and Eric Yeh, is now online at https://arxiv.org/pdf/2302.14038.pdf.
October 6, 2022 - A pre-print of our paper "Trust in Motion: Capturing Trust Ascendancy in Open-Source Projects using Hybrid AI", a joint work with Huascar Sanchez, is now online at https://arxiv.org/pdf/2210.02656.pdf.
October 1, 2022 - I will serve as Treasurer for IEEE S&P 2023.
August 17, 2022 - Our paper "Adversarial Scratches: Deployable Attacks to CNN Classifiers", a joint work with Loris Giulivi, Malhar Jere, Loris Rossi, Farinaz Koushanfar, Gabriela Ciocarlie, and Giacomo Boracchi, was accepted for publication at Pattern Recognition journal.
July 23, 2022 - Our paper "MaleficNet: Hiding Malware into Deep Neural Networks using Spread-Spectrum Channel Coding", a joint work with Dorjan Hitaj, Giulio Pagnotta, Luigi V. Mancini, and Fernando Perez-Cruz, was accepted at the 27th European Symposium on Research in Computer Security (ESORICS 2022).
April 21, 2022 - A pre-print of our paper "Adversarial Scratches: Deployable Attacks to CNN Classifiers", a joint work with Loris Giulivi, Malhar Jere, Loris Rossi, Farinaz Koushanfar, Gabriela Ciocarlie, and Giacomo Boracchi, is now online at https://arxiv.org/abs/2204.09397.
April 4, 2022 - I am happy to share that I got promoted to Advanced Computer Scientist II at SRI International.
March 20, 2022 - I received the AMiner 2022 AI 2000 Most Influential Scholar Honorable Mention in Security and Privacy. Ranked in the Top-100 most influential scholars in security and privacy for the year 2022, for outstanding and vibrant contributions to the field between 2012 and 2021.
March 3, 2022 - Our paper "Capturing the iccMAX calculatorElement: A Case Study on Format Design", a joint work with Vijay H. Kothari, Prashant Anantharaman, Sean W. Smith, Prashanth Mundkur, Natarajan Shankar, Letitia W. Li, Iavor Diatchki, and William Harris, was accepted at the LangSec Workshop 2022 (co-located with IEEE S&P symposium).
February 12, 2022 - An e-print version of our paper "TATTOOED: A Robust Deep Neural Network Watermarking Scheme based on Spread-Spectrum Channel Coding", a joint work with Giulio Pagnotta, Dorjan Hitaj, Fernando Perez-Cruz, and Luigi V. Mancini, is now online at https://arxiv.org/abs/2202.06091.
January 21, 2022 - An e-print version of our paper "FedComm: Federated Learning as a Medium for Covert Communication", a joint work with Dorjan Hitaj, Giulio Pagnotta, Fernando Perez-Cruz, and Luigi V. Mancini, is now online at https://arxiv.org/abs/2201.08786.
October 01, 2021 - I will continue serving as Donations Chair for IEEE S&P 2022.
October 28, 2020 - Our paper, "Capture the Bot: Using Adversarial Examples to Improve CAPTCHA Robustness to Bot Attacks", a joint work with Dorjan Hitaj, Sushil Jajodia, and Luigi V. Mancini, was accepted at IEEE Intelligent Systems
August 28, 2020 - I will serve as Donations Chair for IEEE S&P 2021.
July 24, 2020 - An updated version of our paper "Scratch that! An Evolution-based Adversarial Attack against Neural Networks", a joint work with Malhar Jere, Loris Rossi, Gabriela Ciocarlie, Giacomo Boracchi, and Farinaz Koushanfar, is now online at https://arxiv.org/abs/1912.02316
July 14, 2020 - I will serve in the Program Committee of PrivateNLP@EMNLP 2020
December 5, 2019 - An e-print version of our paper "Scratch that! An Evolution-based Adversarial Attack against Neural Networks", a joint work with Malhar Jere, Gabriela Ciocarlie, and Farinaz Koushanfar, is now online at https://arxiv.org/abs/1912.02316
May 20, 2019 - I will serve as Donations Chair for IEEE S&P 2020.
April 1, 2019 - Our paper, "PassGAN: A Deep Learning Approach for Password Guessing", a joint work with Paolo Gasti, Giuseppe Ateniese and Fernando Perez-Cruz, was accepted at the 17th International Conference on Applied Cryptography and Network Security (ACNS 2019)
April 1, 2019 - Our paper, "Evasion Attacks Against Watermarking Techniques found in MLaaS Systems", a joint work with Dorjan Hitaj and Luigi V. Mancini, was accepted at the 6th IEEE International Conference on Software Defined Systems (SDS2019)
March 25, 2019 - I joined the Computer Science Laboratory at SRI International in the position of Advanced Computer Scientist!
December 17, 2018 - My ACM CCS'17 paper, "Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning", a joint work with Giuseppe Ateniese and Fernando Perez-Cruz, was selected as the winning article for the "Best Ph.D Student Paper of the Year 2017 Award", for papers co-authored by a Ph.D. student in Computer Science of Sapienza University of Rome for the Year 2017, (entitled to the memory of Mattia Gastaldello).
November 12, 2018 - Our paper, "PassGAN: A Deep Learning Approach for Password Guessing", a joint work with Paolo Gasti, Giuseppe Ateniese and Fernando Perez-Cruz, was accepted at the NIPS 2018 Workshop on Security in Machine Learning (SECML 2018)
October 5, 2018 - I defended my PhD dissertation: "GANs n' Privacy: Novel Attacks on Privacy via Generative Adversarial Networks" in front of the external committee members, thus concluding the second and final phase of the PhD defense
July 9, 2018 - I gave a presentation of my PhD thesis: "GANs n' Privacy: Novel Attacks on Privacy via Generative Adversarial Networks" in front of faculty members from the Department of Computer Science at Sapienza University of Rome, thus concluding the first phase of the PhD defense
March 9, 2018 - An updated version of our paper "PassGAN: A Deep Learning Approach for Password Guessing", a joint work with Paolo Gasti, Giuseppe Ateniese and Fernando Perez-Cruz, is now online at https://arxiv.org/abs/1709.00440v2
September 1, 2017 - An e-print version of our paper "PassGAN: A Deep Learning Approach for Password Guessing", a joint work with Paolo Gasti, Giuseppe Ateniese and Fernando Perez-Cruz, is now online at https://arxiv.org/abs/1709.00440
August 2, 2017 - Our paper, "Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning", a joint work with Giuseppe Ateniese and Fernando Perez-Cruz, was accepted at the 24th ACM Conference on Computer and Communications Security (ACM CCS 2017)
May 24, 2017 - An updated version of our paper "Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning", a joint work with Giuseppe Ateniese and Fernando Perez-Cruz, is now online at https://arxiv.org/abs/1702.07464
February 27, 2017 - An e-print version of our paper "Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning", a joint work with Giuseppe Ateniese and Fernando Perez-Cruz, can now be found online at https://arxiv.org/abs/1702.07464
May 16, 2016 - March 24, 2019 - Visiting Research Scholar at Stevens Institute of Technology. Working with Prof. Giuseppe Ateniese in the intersection between Deep Learning and cyber-security
August 31, 2015 - Awarded the Student Travel Grant for SIGSAC CCS 2015 conference
August 01, 2015 - Our paper entitled "No Place to Hide that Bytes won't Reveal: Sniffing Location-Based Encrypted Traffic to Track a User's Position" was accepted at the 9th International Conference on Network and System Security (NSS 2015).
April, 2015 - Participated in Locked Shields 2015, as a member of Team Sapienza, responsible for the protection of a set of web services against malicious attacks