Maria-Irina Nicolae, PhD
Lead Researcher in AI and Security at Bosch Center for AI
I am an AI researcher with over 10 years of experience at the intersection of AI and security.
My work today centers on making AI systems more secure, robust, and trustworthy, with a focus on LLM evaluation and adversarial ML. Beyond securing AI, I have also contributed to the usage of AI in security, including ML-based fuzzing and intrusion detection.
Research interests
- Security for machine learning, adversarial attacks
- LLM evaluation, alignment and trust
- Machine learning for security: fuzzing, intrusion detection, AI agents
Projects
- Transformer-based CAN fuzzing – 20x increase in fault discovery for ECU testing and automotive protocols.
- Security Garten – editor of a technical blog on security, privacy and safety.
- Adversarial Robustness Toolbox (ART) – open-source library for evaluating and defending ML models.
Selected talks
Experience
- Senior Researcher — AI Security & Trust, Bosch Research, 2019 – present
- Researcher — Adversarial AI, IBM Research, 2017 – 2019
- PhD in Representation Learning, Jean Monnet University, 2013 – 2016
Publications
Google Scholar | DBLP
2025
- Z. Zhuang, **M.-I. Nicolae**, H.-P. Wang, M. Fritz. *ProxyPrompt: Securing System Prompts against Prompt Extraction Attacks.* **2025**.
[arXiv](https://arxiv.org/abs/2505.11459)
- Z. Zhuang, H.-P. Wang, **M.-I. Nicolae**, M. Fritz. *Stealix: Model Stealing via Prompt Evolution.* **ICML 2025**.
[ICML page](https://icml.cc/virtual/2025/poster/44026) | [arXiv](https://www.arxiv.org/abs/2506.05867) | [project page](https://zhixiongzh.github.io/stealix/)
- Y. Shen, Z. Zhuang, K. Yuan, **M.-I. Nicolae**, M. Fritz. *Medical Multimodal Model Stealing Attacks via Adversarial Domain Alignment.* **AAAI 2025**.
[AAAI page](https://ojs.aaai.org/index.php/AAAI/article/view/32734) | [arXiv](https://arxiv.org/abs/2502.02438) | [blog post](https://medium.com/security-garten/stealing-medical-ai-with-cat-photos-the-hidden-threat-to-radiology-models-292324b022c5)
2024
- Z. Zhuang, **M.-I. Nicolae**, M. Fritz. *Stealthy Imitation: Reward-Guided Environment-Free Policy Stealing.* **ICML 2024**.
[PDF](https://proceedings.mlr.press/v235/zhuang24a.html) | [arXiv](https://arxiv.org/abs/2405.07004) | [code](https://github.com/boschresearch/stealthy-imitation) | [project page](https://zhixiongzh.github.io/stealthy-imitation/)
2023
- **M.-I. Nicolae**, M. Eisele, A. Zeller. *Revisiting Neural Program Smoothing for Fuzzing.* **ESEC/FSE 2023**.
[PDF](https://dl.acm.org/doi/10.1145/3611643.3616308) | [arXiv](https://arxiv.org/abs/2309.16618) | [MLFuzz repo](https://github.com/boschresearch/mlfuzz)
Patents
20+ issued US / EU / CN patents in adversarial ML, LLM security and embedded AI. Full list here.