Lukas Aichberger

Associate Member (PhD), started 2024

Lukas is a PhD student at the renowned ELLIS society, co-supervised by Sepp Hochreiter at Johannes Kepler University Linz and Yarin Gal at the University of Oxford.

His research focuses on safety, robustness, and trustworthiness in machine learning, with a particular emphasis on improving uncertainty quantification. On the theoretical side, his work has provided new insights into information-theoretic measures of predictive uncertainty. On the applied side, Lukas has developed QUAM, a method for improving uncertainty estimation in classification models, as well as SDLG and G-NLL, which enhance the reliability and efficiency of uncertainty estimation in language models. Recently, he has also investigated the robustness of multimodal OS agents, uncovering critical safety vulnerabilities by attacking them with malicious image patches.

Lukas holds an undergraduate degree from Vienna University of Economics and Business and a graduate degree in Artificial Intelligence from Johannes Kepler University Linz. Outside academia, he has gained extensive experience in consulting, industry and startups.

Publications while at OATML:

Attacking Multimodal OS Agents with Malicious Image Patches

Recent advances in operating system (OS) agents enable vision-language models to interact directly with the graphical user interface of an OS. These multimodal OS agents autonomously perform computer-based tasks in response to a single prompt via application programming interfaces (APIs). Such APIs typically support low-level operations, including mouse clicks, keyboard inputs, and screenshot captures. We introduce a novel attack vector: malicious image patches (MIPs) that have been adversarially perturbed so that, when captured in a screenshot, they cause an OS agent to perform harmful actions by exploiting specific APIs. For instance, MIPs embedded in desktop backgrounds or shared on social media can redirect an agent to a malicious website, enabling further exploitation. These MIPs generalise across different user requests and screen layouts, and remain effective for multiple OS agents. The existence of such attacks highlights critical security vulnerabilities in OS agents, whic... [full abstract]


Lukas Aichberger, Alasdair Paren, Yarin Gal, Philip Torr, Adel Bibi
arXiv
[paper]
More publications on Google Scholar.


Contact

We are located at
Department of Computer Science, University of Oxford
Wolfson Building
Parks Road
OXFORD
OX1 3QD
UK
Twitter: @OATML_Oxford
Github: OATML
Email: oatml@cs.ox.ac.uk