Thorsten Eisenhofer

Faculty · CISPA Helmholtz Center for Information Security

I'm a tenure-track faculty member at CISPA Helmholtz Center for Information Security in Saarbrücken, Germany. Before joining CISPA, I was a postdoctoral researcher in the Machine Learning and Security group at BIFOLD & TU Berlin working with Konrad Rieck. I completed my PhD at Ruhr University Bochum, advised by Thorsten Holz and as part of the Cluster of Excellence CASA. My dissertation was recognized by the faculty for outstanding achievements.

My research focuses on machine learning and computer security. I'm interested in all kinds of attacks on learning models and defenses to improve their robustness. This often means looking beyond the model itself and examining the entire computational pipeline, including pre-processing, post-processing, and the underlying hardware and software stack. I'm also interested in how learning-based approaches, including modern LLM and agent systems, can support core security tasks such as vulnerability analysis, fuzzing, and malware classification.

Along the way, I interned with the SecLab at UC Santa Barbara, working with Giovanni Vigna and Christopher Kruegel and joining Shellphish at the DEF CON CTF finals in Las Vegas. I have also been a visiting researcher at the Cleverhans Lab at the Vector Institute in Toronto, working with Nicolas Papernot. I hold a B.Sc. in Computer Science from Paderborn University and an M.Sc. in Computer Security from Ruhr University Bochum, where I graduated top of my class.

Publications

Preprints
No More, No Less: Task Alignment in Terminal Agents

Sina Mavali, David Pape, Jonathan Evertz, Samira Abedini, Devansh Srivastav, Thorsten Eisenhofer, Sahar Abdelnabi, Lea Schönherr

Computing Research Repository (CoRR)

Hardware-Triggered Backdoors

Jonas Möller, Erik Imgrund, Thorsten Eisenhofer, Konrad Rieck

Computing Research Repository (CoRR)

2026
Chasing Shadows: Pitfalls in LLM Security Research

Jonathan Evertz, Niklas Risse, Nicolai Neuer, Andreas Müller, Philipp Normann, Gaetano Sapia, Srishti Gupta, David Pape, Soumya Shaw, Devansh Srivastav, Christian Wressnegger, Erwin Quiring, Thorsten Eisenhofer, Daniel Arp, Lea Schönherr

Network and Distributed System Security Symposium (NDSS)

LLM-based Vulnerability Discovery through the Lens of Code Metrics

Felix Weissberg, Lukas Pirch, Erik Imgrund, Jonas Möller, Thorsten Eisenhofer, Konrad Rieck

IEEE/ACM International Conference on Software Engineering (ICSE)

Whispers in the Machine: Confidentiality in Agentic Systems

Jonathan Evertz, Merlin Chlosta, Lea Schönherr, Thorsten Eisenhofer

Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)

Shape-Shifting Malicious Code in Software Backdoors via Language Models

Mohammad Ebrahimi Fard, Felix Weissberg, Erik Imgrund, Thorsten Eisenhofer, Konrad Rieck

ACM Asia Conference on Computer and Communications Security (ASIACCS)

2025
Adversarial Observations in Weather Forecasting

Erik Imgrund, Thorsten Eisenhofer, Konrad Rieck

ACM Conference on Computer and Communications Security (CCS) ★ Distinguished Paper Award

Adversarial Inputs for Linear Algebra Backends

Jonas Möller, Lukas Pirch, Felix Weissberg, Sebastian Baunsgaard, Thorsten Eisenhofer, Konrad Rieck

International Conference on Machine Learning (ICML)

Seeing Through: Analyzing and Attacking Virtual Backgrounds in Video Calls

Felix Weissberg, Jan Malte Hilgefort, Steve Grogorick, Daniel Arp, Thorsten Eisenhofer, Martin Eisemann, Konrad Rieck

USENIX Security Symposium

Prompt Obfuscation for Large Language Models

David Pape, Sina Mavali, Thorsten Eisenhofer, Lea Schönherr

USENIX Security Symposium

Verifiable and Provably Secure Machine Unlearning

Thorsten Eisenhofer, Doreen Riepel, Varun Chandrasekaran, Esha Ghosh, Olga Ohrimenko, Nicolas Papernot

IEEE Conference on Secure and Trustworthy Machine Learning (SaTML)

Exploring the Potential of LLMs for Code Deobfuscation

David Beste, Grégoire Menguy, Hossein Hajipour, Mario Fritz, Antonio Emanuele Cinà, Sébastien Bardin, Thorsten Holz, Thorsten Eisenhofer, Lea Schönherr

Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)

Learned-Database Systems Security

Roei Schuster, Jin Peng Zhou, Thorsten Eisenhofer, Paul Grubbs, Nicolas Papernot

Transactions on Machine Learning Research (TMLR)

2024
A Representative Study on Human Detection of Artificially Generated Media Across Countries

Joel Frank, Franziska Herbert, Jonas Ricker, Lea Schönherr, Thorsten Eisenhofer, Asja Fischer, Markus Dürmuth, Thorsten Holz

IEEE Symposium on Security and Privacy (S&P)

SoK: Where to Fuzz? Assessing Target Selection Methods in Directed Fuzzing

Felix Weissberg, Jonas Möller, Tom Ganz, Erik Imgrund, Lukas Pirch, Lukas Seidel, Moritz Schloegel, Thorsten Eisenhofer, Konrad Rieck

ACM Asia Conference on Computer and Communications Security (ASIACCS)

Cross-Language Differential Testing of JSON Parsers

Jonas Möller, Felix Weissberg, Lukas Pirch, Thorsten Eisenhofer, Konrad Rieck

ACM Asia Conference on Computer and Communications Security (ASIACCS)

2023
Security of Machine Learning Systems

Thorsten Eisenhofer

Dissertation ★ Faculty Award for Outstanding Achievement

No more Reviewer #2: Subverting Automatic Paper-Reviewer Assignment using Adversarial Learning

Thorsten Eisenhofer, Erwin Quiring, Jonas Möller, Doreen Riepel, Thorsten Holz, Konrad Rieck

USENIX Security Symposium

VenoMave: Targeted Poisoning Against Speech Recognition

Hojjat Aghakhani, Lea Schönherr, Thorsten Eisenhofer, Dorothea Kolossa, Thorsten Holz, Christopher Kruegel, Giovanni Vigna

IEEE Conference on Secure and Trustworthy Machine Learning (SaTML)

Drone Security and the Mysterious Case of DJI's DroneID

Nico Schiller, Merlin Chlosta, Moritz Schloegel, Nils Bars, Thorsten Eisenhofer, Tobias Scharnowski, Felix Domke, Lea Schönherr, Thorsten Holz

Network and Distributed System Security Symposium (NDSS)

On the Limitations of Model Stealing with Uncertainty Quantification Models

David Pape, Sina Däubener, Thorsten Eisenhofer, Antonio Emanuele Cinà, Lea Schönherr

European Symposium on Artificial Neural Networks (ESANN)

2022
Password-Authenticated Key Exchange from Group Actions

Michel Abdalla, Thorsten Eisenhofer, Eike Kiltz, Sabrina Kunzweiler, Doreen Riepel

Annual International Cryptology Conference (CRYPTO)

Exploring Accidental Triggers of Smart Speakers

Lea Schönherr, Maximilian Golla, Thorsten Eisenhofer, Jan Wiele, Dorothea Kolossa, Thorsten Holz

Computer Speech & Language (CSL)

2021
Dompteur: Taming Audio Adversarial Examples

Thorsten Eisenhofer, Lea Schönherr, Joel Frank, Lars Speckemeier, Dorothea Kolossa, Thorsten Holz

USENIX Security Symposium

2020
Leveraging Frequency Analysis for Deep Fake Image Recognition

Joel Frank, Thorsten Eisenhofer, Lea Schönherr, Asja Fischer, Dorothea Kolossa, Thorsten Holz

International Conference on Machine Learning (ICML)

Imperio: Robust Over-the-Air Adversarial Examples for Automatic Speech Recognition Systems

Lea Schönherr, Thorsten Eisenhofer, Steffen Zeiler, Thorsten Holz, Dorothea Kolossa

Annual Computer Security Applications Conference (ACSAC)

Teaching

Instructor

SS 2026 Research Problems in ML and Security, Hands-on, Saarland University
SS 2025 Security and Privacy of AI, Seminar, TU Berlin
WS 2024/25 Reproducing AI Attacks and Defenses, Hands-on, TU Berlin
SS 2024 Security Playground for Generative Agents, Hands-on, TU Berlin
Privacy and Security in Learning, Seminar, TU Berlin
WS 2021/22 ML & Computer Security, Hands-on, Ruhr University Bochum
SS 2021 ML & Computer Security, Hands-on, Ruhr University Bochum
WS 2020/21 ML & Computer Security, Hands-on, Ruhr University Bochum

Teaching Assistant

SS 2025 Machine Learning for Computer Security, Lecture, TU Berlin
WS 2024/25 Adversarial Machine Learning, Lecture, TU Berlin
SS 2024 Machine Learning for Computer Security, Lecture, TU Berlin
SS 2021 System Security, Lecture, Saarland University
SS 2020 System Security, Lecture, Ruhr University Bochum
WS 2019/20 Operating System Security, Lecture, Ruhr University Bochum
SS 2019 System Security, Lecture, Ruhr University Bochum

Service

Reviewing

2027 IEEE S&P
2026 IEEE S&P ★ Distinguished Reviewer · ACM CCS · ACSAC · SaTML · WORMA
2025 USENIX Security · RAID · SaTML · AISec ★ Top Reviewer · WORMA
2024 USENIX Security · ACM CCS · RAID · AISec ★ Top Reviewer · WORMA · SAC
2023 ESANN · WORMA
2022 ICML · USENIX Security Artifact Evaluation ★ Distinguished Reviewer
2020 RuhrSec

Keynotes, Panels & Talks

2026

Security of Machine Learning Systems, Guest lecture, Reykjavik University

2025

Security of Machine Learning Systems, Guest lecture, TU Wien
Verifiable and Provably Secure Machine Unlearning, Conference talk, SaTML
Security of Machine Learning Systems, Spring school "SAIL", Bielefeld University

2024

Security of Machine Learning Systems, Keynote, WinterHack, Ruhr University Bochum
Maschinelles Lernen in der IT-Sicherheit, Lecture series, Heidelberg University
International Research Environments, Panel, Ruhr University Bochum
Machine Learning and Security, Lecture series, TU Berlin

2023

Subverting Automatic Paper-Reviewer Assignment, Conference talk, USENIX Security
Security of Machine Learning Systems, Defense, Ruhr University Bochum
Communicating Research, Panel, Ruhr University Bochum

2021

Adversarially Robust Speech Recognition, Spotlight, CASA Retreat
Taming Audio Adversarial Examples, Conference talk, USENIX Security

Press

Artificially Generated Media

CISPA, New results in AI research: Humans barely able to recognize AI-generated media
heise online, KI: Großer Teil kann KI-Inhalte nicht erkennen und weiß nicht, was KI ist
Ruhr University Bochum, New Findings from AI Research: Humans Can Hardly Recognize AI-generated Media
Valve World Expo, People can no longer recognize AI-generated media
radioeins, Warum Menschen KI-erstellte Inhalte häufig nicht mehr erkennen

Drone Security

Ruhr University Bochum, Security vulnerabilities detected in drones made by DJI
WIRED, This Hacker Tool Can Pinpoint a DJI Drone Operator's Exact Location
SPIEGEL, Warum Ukrainer deutsche Drohnen-Hacker um Rat bitten
Tom's Guide, DJI drones have serious security flaws that can crash them and track your location
DroneDJ, DJI says it fixed drone firmware security flaws before publication of research revealing them
Golem.de, DJI-Drohnen verraten Standort des Piloten
EurekAlert!, Security vulnerabilities detected in drones made by DJI
Caschys Blog, NDSS: DroneID von DJI kann leicht durch Angreifer gekapert werden
hackster.io, Researchers Release a Tool for Geolocating Commercial Drones and Their Operators
sUAS News, DIY DJI Aeroscope to find drone operator locations
News8Plus, Security vulnerabilities detected in drones made by DJI
Born's Tech and Windows World, Security: DJI drones and it's AeroScope vulnerabilities
System Weakness, Annoying Drone Near You? Fuzz It, Find the Operator
HACKREAD, Serious DJI Drones Flaws Could Crash Drones Mid-flight
C-UAS Hub, Security Vulnerabilities Found in DJI Drones
Bitdefender, Security Researchers Find Vulnerabilities that Could Crash DJI Drones and Pinpoint Pilots
HOMBURG1, Sicherheitslücken in Drohnen des Herstellers DJI entdeckt
infodron.es, Alemania descubre vulnerabilidades de seguridad en los drones de DJI
drones-magazin.de, Deutsche Forscher entdecken Sicherheitslücken bei DJI-Drohnen
DroneXL, DJI drones have serious security flaws that can crash them and track your location
DroneWatch, DJI stilletjes gestopt met productie van dronedetectiesysteem AeroScope
INDIA TODAY, How civilian drones are being used in Russia-Ukraine war
derSTANDARD, Russische Angriffe auf ukrainische Drohnenpiloten: DJI gesteht unsichere Datenübertragung ein
Forexdigital.net, Vulnerabilidades de segurança detectadas em drones fabricados pela DJI

Accidental Trigger

Ruhr University Bochum, When Speech Assistants Listen Even Though They Shouldn't
Ars Technica, Uncovered: 1,000 phrases that incorrectly trigger Alexa, Siri, and Google Assistant
NDR, Wenn der smarte Lautsprecher mit dem Tatort-Kommissar spricht
Süddeutsche Zeitung, Wenn Alexa aus Versehen lauscht
STRG_F, Sex, Streit, Arztgespräche: wie oft Smart Speaker heimlich mithören
tagesschau.de, Die lauschenden Lautsprecher
Tagesthemen, Sprachassistenten hören mit
ZDF logo!, Hat Siri schlechte Ohren?
detektor.fm, Alexa, spionierst du mich aus?
Fast Company, Tired of Saying 'Hey Google' and 'Alexa'? Change it Up with These Alternatives
Mitteldeutscher Rundfunk, Wann hören Sprachassistenten mit?
The Times, Not in Front of the Speaker! Words that Wake Up Alexa
Voicebot.ai, More Than 1,000 Phrases Will Accidentally Awaken Alexa, Siri, and Google Assistant
Hessischer Rundfunk, Immer ganz Ohr – Lauschangriff der Sprachassistenten
Max Planck Society, Uninvited Listeners in Your Speakers
Remote Chaos Experience, Alexa, Who Else Is Listening?
hackster.io, Incorrect Alexa, Siri, Google Assistant, and Cortana Trigger Words Are Compromising Your Privacy
Sputnik International, Alarming: Research Identifies Over 1,000 Phrases That Trick and Activate Voice Assistants
Tech Conversationalist, Are You Accidentally 'Waking Up' Your Smart Devices?
Mimikama, Wenn Sprachassistenten zuhören, obwohl sie gar nicht sollen!

Deep Fake Detection

Ruhr University Bochum, Fake-Bilder anhand von Frequenzanalysen erkennen
Homeland Security News Wire, Using Frequency Analysis to Recognize Fake Images
ElectronicsWeekly.com, Frequency Analysis can Help Reveal Deep Fake Images
Lab Manager, Recognizing Fake Images Using Frequency Analysis
SciTechDaily, Which Face is Real? Using Frequency Analysis to Identify 'Deep-Fake' Images
Spektrum.de, Mathematische Analyse soll alle Deep Fakes enttarnen
VDI nachrichten, Frequenzanalyse enttarnt Fake-Bilder
INGENIEUR.de, Social Media: Mit Frequenzanalysen Deep Fakes auf der Spur
INDUSTRY OF THINGS, Fake-Bilder anhand von Frequenzanalysen erkennen
ZDF logo!, Erkennt Greta Deep Fakes?

Adversarially Robust Speech Recognition

RUBIN, Wie Sprachassistenten unhörbare Befehle befolgen
elektroniknet.de, Angriffe auf Spracherkennungssoftware Kaldi
Tech Xplore, How Voice Assistants follow Inaudible Commands
INGENIEUR.de, Alexa, Siri und Co. – sicherer dank Training
sg.hu, Kivédhető a virtuális asszisztensek manipulálása
Ruhr University Bochum, Die Forschungsreise 'Möglichmacher' legt Halt in Bochum ein
WAZ, IT-Sicherheit heißt: Immer einen Schritt voraus zu sein