Max Noppel

Telephone +49 721 608-46190
Room 163
Address Karlsruhe Institute of Technology
Institute of Information Security and Dependability
Am Fasanengarten 5, Geb. 50.34
76131 Karlsruhe, Germany
Max Noppel

About me

I am a doctoral researcher in the group of Christian Wressnegger. After my B.Sc. in Computer Science and three years as a Software Engineer and Software Architect for embedded multiprocessor devices, I decided to head back to university. In 2020, I graduated to M.Sc. in Computer Science at the Karlsruhe Institute of Technology (KIT). My studies were concentrated on IT Security, Cryptography, Anonymity and Privacy, and Algorithm Engineering.

As a doctoral researcher, I now focus on the vulnerabilities of eXplainable Artificial Intelligence (XAI) in adversarial environments. XAI methods augment the predictions of an ML model by an additional output, the explanation. This increase in the amount of outputs potentizes the number of possible adversarial goals. An adversary may fool the prediction, the explanation, or both simultaneously. With the term 'fooling,' we capture diverse incentives, e.g., showing a target explanation or injecting a backdoor. I research these attacks with varying threat models, explanation methods, model architectures, and application domains. My research highlights the necessity of robustness guarantees for XAI, which I hope to be able to provide at some point.

Please also consider my personal webpage for further information.



SoK: Explainable Machine Learning in Adversarial Environments.
Maximilian Noppel and Christian Wressnegger.
Proc. of 45th IEEE Symposium on Security and Privacy (S&P), to appear May 2024.


Poster: Fooling XAI with Explanation-Aware Backdoors.
Maximilian Noppel and Christian Wressnegger.
Proc. of 30th ACM Conference on Computer and Communications Security (CCS), to appear November 2023.

Explanation-Aware Backdoors in a Nutshell.
Maximilian Noppel and Christian Wressnegger.
Proc. of 46th German Conference on Artificial Intelligence (KI), September 2023.

Disguising Attacks with Explanation-Aware Backdoors.
Maximilian Noppel, Lukas Peter and Christian Wressnegger.
Proc. of 44th IEEE Symposium on Security and Privacy (S&P), May 2023.


Backdooring Explainable Machine Learning.
Maximilian Noppel, Lukas Peter and Christian Wressnegger.
Technical report, arXiv:2204.09498, April 2022.


LaserShark: Establishing Fast, Bidirectional Communication into Air-Gapped Systems.
Niclas Kühnapfel, Stefan Preußler, Maximilian Noppel, Thomas Schneider, Konrad Rieck and Christian Wressnegger.
Proc. of 37th Annual Computer Security Applications Conference (ACSAC), December 2021.

Plausible Deniability for Anonymous Communication.
Christiane Kuhn*, Maximilian Noppel*, Christian Wressnegger and Thorsten Strufe.
Proc. of 21st Workshop on Privacy in the Electronic Society (WPES), November 2021.


GI Elections with POLYAS: a Road to End-to-End Verifiable Elections.
Bernhard Beckert, Achim Brelle, Rüdiger Grimm, Nicolas Huber, Michael Kirsten, Ralf Küsters, Jörn Müller-Quade, Maximilian Noppel, Kai Reinhard, Jonas Schwab, Rebecca Schwerdt, Tomasz Truderung, Melanie Volkamer, and Cornelia Winter.
E-Vote-ID, October 2019.


Committee Memberships

Convention of the Scientific Staff and Council for Devision II

As a member of the Convention of the Scientific Staff (German: "Mitarbeiterkonvent") and as a member of the Council for Devision II (German: "Bereichsrat für Bereich II") I am happy to receive your emails regarding any suggestions for the future development of the KIT.



  • Practical Course: Application Security in winter and summer from 2020/21 until now
  • Seminar: Explainable Machine Learning in winter from 2020/21 until 2022/23
  • Seminar: Hot Topics in Explainable Machine Learning in summer 2023
  • Seminar: Hot Topics in Security of Machine Learning in winter 2023/24
  • Seminar: Vulnerability Discovery in summer 2021 and 2022
  • Seminar: Public Key Cryptography in winter 2021/22
  • Practical Research Seminar: Explainable Machine Learning in summer 2022

Guest Lectures

  • Lecture: Machine Learning for Security in winter 2021/22
  • Lecture: Security of Machine Learning in summer 2022, summer 2023
  • Workshop: Business Planning in Cybersecurity for Founders in summer 2022, winter 2022/23

Selected Theses

  • Master Thesis: Vulnerability Discovery in Solidity Code by Christopher Michelbach (2021)
  • Master Thesis: Backdooring Authorship Attribution by Stefan Strang (2022)
  • Master Thesis: Explanation-Aware Backdoors for Transformers by Lukas Peter (2023)

Non-Academic Publications


Explanation-Aware Backdoors: Umgehen von erklärungsbasierten Erkennungsmethoden für Hintertüren.
Maximilian Noppel.
KASTEL StartupSecurty Community Congress - Poster Session, May 2023.


In my spare time I founded the hackerspace e.V. in 2016 and several other clubs, e.g. to promote local musicians. I love open source software and open hardware projects in general. This includes little arduino projects but also my homebrew relay cpu project. In addition, I'm working on mechanical projects, using CNC mills or 3D printers, or I organize events like CodeGolfings, LightningTalks, Hackathons, Hackerjeopardyparties, or Cryptoparties. I am also an active ham radio operator with the call sign DC0MX. You can find me in the university ham radio group DF0UK. If you are interested in sports, you can find me as a trainer in the underwaterrugby team of the SSC Karlsruhe as well as the KIT university team.