DiffBreak: Is Diffusion-Based Purification Robust?
NeurIPS 2025The Thirty-ninth Annual Conference on Neural Information Processing Systems, 2025.
Sole Student Author – Fully Led Research & Writing
Andre Kassis
Ph.D. Candidate in Computer Science, University of Waterloo
I am a Ph.D. candidate at the University of Waterloo, advised by Prof. Urs Hengartner, and a member of the CrySP Lab. My research focuses on machine learning security and adversarial robustness. Previously, I earned my B.Sc. in Computer Engineering summa cum laude from the Technion.
I use adversarial analysis as a principled tool grounded in structural reasoning and mathematical insight to probe the robustness limits of ML systems, with the goal of understanding failure modes and guiding the design and evaluation of mitigations that remain trustworthy under real-world constraints. More broadly, my research aims to help bridge the gap between theoretical assurances and practical security in deployed systems.
Alongside my ongoing work on security-critical generative, vision, and audio models, I am increasingly interested in generative AI and large language models, particularly questions of scalable and adaptive red-teaming, safety, reliability, and privacy in modern ML systems.
Previously, I worked at IBM Research and Pindrop Security on cloud security, biometric authentication, and applied machine learning.
Email: akassis@uwaterloo.ca
Highlights
- Sole-student author of multiple papers at top-tier AI and security venues (IEEE S&P, NeurIPS)
- Google Vulnerability Reward Program (VRP) bounty for breaking Google's SynthID watermarking
- Research leading to patents and patches to commercial systems in deployment through industry collaborations
- Open-source tools with wide community adoption on GitHub
- Work receiving substantial international media coverage
News
- 12/2025 UnMarker became the University of Waterloo's second most covered research story to date by earned media in a year.
- 09/2025 Patent filed with Pindrop Security on securing voice biometric systems against adversarial attacks (primary technical contributor).
- 09/2025 DiffBreak, demonstrating effective attacks on diffusion-based adversarial purification defenses, accepted to NeurIPS 2025.
- 07/2025 UnMarker featured by IEEE Spectrum, The Register, Toronto Star, The Globe & Mail, CBC Radio, and others.
- 04/2025 Awarded a Google Vulnerability Reward Program (VRP) bounty for demonstrating a vulnerability in Google's SynthID watermarking system using UnMarker.
- 02/2025 Invited talk at UC Berkeley on breaking generative-AI image watermarking.
- 09/2024 UnMarker, demonstrating universal black-box attacks on generative-AI image watermarking, accepted to IEEE S&P 2024.
- 10/2023 Joined Pindrop Security to develop and deploy defenses against adversarial attacks on commercial voice authentication systems, based on my IEEE S&P 2023 work.
- 06/2023 Work on breaking security-critical voice authentication covered by ACM TechNews, The Register, PCMag, The Record, and others.
- 03/2023 Breaking Security-Critical Voice Authentication accepted to IEEE S&P 2023.
Publications
UnMarker: A Universal Attack on Defensive Image Watermarking
IEEE S&P 202546th IEEE Symposium on Security and Privacy, 2025.
Sole Student Author – Fully Led Research & WritingMedia: IEEE Spectrum · The Register · Toronto Star · The Globe & Mail · CBC Radio
Breaking Security-Critical Voice Authentication
IEEE S&P 202344th IEEE Symposium on Security and Privacy, 2023.
Sole Student Author – Fully Led Research & WritingMedia: ACM TechNews · The Register · PCMag · RISK Digest · The Record
Practical attacks on voice spoofing countermeasures
Estimating client QoE from measured network QoS
ACM SYSTOR 2019Proceedings of the 12th ACM International Conference on Systems and Storage, 2019.
Deep ahead-of-threat virtual patching
IOSec 2018Information and Operational Technology Security Systems: First International Workshop, IOSec 2018, CIPSEC Project.
Academic Service
Conference Reviewer: ACNS 2026, SenSys (2020, 2022, 2024), EAI MobiQuitous (2020)
Teaching & Mentorship
Teaching Assistant
- University of Waterloo — Security and Privacy
- Technion – Israel Institute of Technology — Operating Systems
Student Mentorship
- Manaswinee Gupta (Undergraduate Research Assistant, University of Waterloo)
- Yilin Ding (Undergraduate Research Assistant, University of Waterloo)