Maximilian Noppel

Email
Telephone	+49 721 608-46190
Room	163
Address	Karlsruhe Institute of Technology Institute of Information Security and Dependability Am Fasanengarten 5, Geb. 50.34 76131 Karlsruhe, Germany

Academic Staff at the "Artificial Intelligence and Security" research group

About me

I am a doctoral researcher in the group of Christian Wressnegger. After my B.Sc. in Computer Science and three years as a Software Engineer and Software Architect for embedded multiprocessor devices, I decided to head back to university. In 2020, I graduated to M.Sc. in Computer Science at the Karlsruhe Institute of Technology (KIT). My studies were concentrated on IT Security, Cryptography, Anonymity and Privacy, and Algorithm Engineering.

As a doctoral researcher, I now focus on the vulnerabilities of eXplainable Artificial Intelligence (XAI) in adversarial environments. XAI methods augment the predictions of an ML model by an additional output, the explanation. This increase in the amount of outputs potentizes the number of possible adversarial goals. An adversary may fool the prediction, the explanation, or both simultaneously. With the term 'fooling,' we capture diverse incentives, e.g., showing a target explanation or injecting a backdoor. I research these attacks with varying threat models, explanation methods, model architectures, and application domains. My research highlights the necessity of robustness guarantees for XAI, which I hope to be able to provide at some point.

Please also consider my personal webpage for further information.

Publications

2025

Generalized Adversarial Code-Suggestions: Exploiting Contexts of LLM-based Code-Completion.
Karl Rubel*, Maximilian Noppel* and Christian Wressnegger.
Proc. of 20th ACM Asia Conference on Computer and Communications Security (ASIA CCS), August 2025.

POMELO: Black-Box Feature Attribution with Full-Input, In-Distribution Perturbations.
Luan Ademi*, Maximilian Noppel* and Christian Wressnegger.
Proc. of 3rd World Conference on eXplainable Artificial Intelligence (XAI), July 2025.

Composite Explanation-Aware Attacks.
Maximilian Noppel and Christian Wressnegger.
Proc. of 8th IEEE Deep Learning Security and Privacy Workshop (DLSP), May 2025.

2024

Model-Manipulation Attacks Against Black-Box Explanations.
Achyut Hegde, Maximilian Noppel and Christian Wressnegger.
Proc. of 40th Annual Computer Security Applications Conference (ACSAC), December 2024.
Best Paper Award Runner-Up

A Brief Systematization of Explanation-Aware Attacks.
Maximilian Noppel and Christian Wressnegger.
Proc. of 47th German Conference on Artificial Intelligence, September 2024.

SoK: Explainable Machine Learning in Adversarial Environments.
Maximilian Noppel and Christian Wressnegger.
Proc. of 45th IEEE Symposium on Security and Privacy (S&P), May 2024.

2023

Poster: Fooling XAI with Explanation-Aware Backdoors.
Maximilian Noppel and Christian Wressnegger.
Proc. of 30th ACM Conference on Computer and Communications Security (CCS), November 2023.

Explanation-Aware Backdoors in a Nutshell.
Maximilian Noppel and Christian Wressnegger.
Proc. of 46th German Conference on Artificial Intelligence, September 2023.

Disguising Attacks with Explanation-Aware Backdoors.
Maximilian Noppel, Lukas Peter and Christian Wressnegger.
Proc. of 44th IEEE Symposium on Security and Privacy (S&P), May 2023.

2022

Backdooring Explainable Machine Learning.
Maximilian Noppel, Lukas Peter and Christian Wressnegger.
Technical report, arXiv:2204.09498, April 2022.

2021

LaserShark: Establishing Fast, Bidirectional Communication into Air-Gapped Systems.
Niclas Kühnapfel, Stefan Preußler, Maximilian Noppel, Thomas Schneider, Konrad Rieck and Christian Wressnegger.
Proc. of 37th Annual Computer Security Applications Conference (ACSAC), December 2021.

Plausible Deniability for Anonymous Communication.
Christiane Kuhn*, Maximilian Noppel*, Christian Wressnegger and Thorsten Strufe.
Proc. of 21st Workshop on Privacy in the Electronic Society (WPES), November 2021.

2019

GI Elections with POLYAS: a Road to End-to-End Verifiable Elections.
Bernhard Beckert, Achim Brelle, Rüdiger Grimm, Nicolas Huber, Michael Kirsten, Ralf Küsters, Jörn Müller-Quade, Maximilian Noppel, Kai Reinhard, Jonas Schwab, Rebecca Schwerdt, Tomasz Truderung, Melanie Volkamer and Cornelia Winter.
Proc. of 4th International Joint Conference on Electronic Voting (E-Vote-ID), October 2019.

Chairs

Artifacts Co-Chair: Privacy Enhancing Technologies Symposium (PoPETs/PETS) in 2024 and 2025

Committee Memberships

Artifacts Committee: Privacy Enhancing Technologies Symposium (PoPETs/PETS) from 2022 until now
Program Committee: The International Conference on Availability, Reliability and Security (ARES) from 2024 until now
Program Committee: The ACM Workshop on Artificial Intelligence and Security (AISec) from 2024 until now (Top Reviewer).

Convention of the Scientific Staff and Council for Devision II

As a member of the Convention of the Scientific Staff (German: "Mitarbeiterkonvent") and as a member of the Council for Devision II (German: "Bereichsrat für Bereich II") I am happy to receive your emails regarding any suggestions for the future development of the KIT.

Teaching

Courses

Practical Course: Application Security in winter and summer from 2020/21 until now
Seminar: Explainable Machine Learning in winter from 2020/21 until 2022/23
Seminar: Hot Topics in Explainable Machine Learning in summer 2023
Seminar: Hot Topics in Security of Machine Learning in winter 2023/24
Seminar: Vulnerability Discovery in summer 2021 and 2022
Seminar: Public Key Cryptography in winter 2021/22
Practical Research Seminar: Explainable Machine Learning in summer 2022

Guest Lectures

Lecture: Machine Learning for Security in winter 2021/22
Lecture: Security of Machine Learning in summer 2022, summer 2023
Workshop: Business Planning in Cybersecurity for Founders in summer 2022, winter 2022/23

Selected Theses

Master Thesis: Vulnerability Discovery in Solidity Code by Christopher Michelbach (2021)
Master Thesis: Backdooring Authorship Attribution by Stefan Strang (2022)
Master Thesis: Explanation-Aware Backdoors for Transformers by Lukas Peter (2023)

Non-Academic Publications

2023

Explanation-Aware Backdoors: Umgehen von erklärungsbasierten Erkennungsmethoden für Hintertüren.
Maximilian Noppel.
KASTEL StartupSecurty Community Congress - Poster Session, Karlsruhe, Germany, May 2023.

Sparetime

In my spare time I founded the hackerspace vspace.one e.V. in 2016 and several other clubs, e.g. to promote local musicians. I love open source software and open hardware projects in general. This includes little arduino projects but also my homebrew relay cpu project. In addition, I'm working on mechanical projects, using CNC mills or 3D printers, or I organize events like CodeGolfings, LightningTalks, Hackathons, Hackerjeopardyparties, or Cryptoparties. I am also an active ham radio operator with the call sign DC0MX. You can find me in the university ham radio group DF0UK. If you are interested in sports, you can find me as a trainer in the underwaterrugby team of the SSC Karlsruhe as well as the KIT university team.