Technical essays at the intersection of ML security, explainability, and the gap between what a model proves and what a system can deploy.
Not a UI — a diagnostic probe
In Q-PhishNet, LIME outputs are run across the training set to expose adversarially poisoned samples through anomalous feature importance profiles. The explanation is no longer for a user — it is a probe of the model's relationship to its training data.
Gradient inversion breaks federated promises
Federated learning avoids raw data sharing but leaves gradient transmissions exposed. FIDES closes this gap by securing the gradient channel with CV-QKD — shifting security guarantees from computational assumptions to physical laws of quantum mechanics.
Active suppression vs. influence erasure
Behavioral tests (forget-set accuracy below 5%) cannot distinguish a model that genuinely lost a pattern from one that memorized how to hide it. True verification requires statistical indistinguishability from a counterfactual — an open research frontier.
Tampa changed how I evaluate my own work
A model that achieves 99.4% simulation accuracy is useless if it cannot survive hardware constraints. After IEEE ICSC in Tampa, every paper I write now includes the deployment engineer's questions: QBER thresholds, graceful degradation strategies, and real-world failure modes.
Gradient inversion attacks can reconstruct training data from intercepted gradient updates. Federated learning solves the data-sharing problem. It does not solve the gradient privacy problem. FIDES addresses this gap.
LIME generates a local approximation around one prediction. It does not explain the model globally. Understanding the difference matters enormously for security and medical AI applications.
The shift between using LIME to explain a prediction to a user and using LIME to identify which training samples were adversarially poisoned is a genuine reframing of what explainability is for.
Approximate unlearning is behaviourally verifiable but not statistically provable. The gap between 'forget-set accuracy under 5%' and 'statistically indistinguishable from a model never trained on that data' is the central open problem in the field.
I went to Tampa expecting to defend my paper. The questions I received weren't about the paper. They were about deployment — and that gap changed how I evaluate my own work.