I am Franziska Boenisch, tenure track faculty at the CISPA Helmholtz Center for Information Security. At CISPA, I am co-leading the SprintML lab for Secure, Private, Robust, INterpretable, and Trustworthy Machine Learning. Before, I was a Postdoctoral Fellow at the Vector Institute for Artificial Intelligence supervised by Prof. Dr. Nicolas Papernot. Prior to joining Vector, I was a PhD candidate at Freie University Berlin and a research assosiate at the Fraunhofer Institute for Applied and Integrated Security (AISEC).

I am Hiring!

Currently, I am looking for PhDs, Postdocs, and Research Interns. If you are excited about working on trustworthy ML, please drop me a mail with your CV, current transcript, and a motivation why you want to apply to my group.

Research

My research focus lies at the intersection of Security, Privacy, and Machine Learning from the perspective of individual users and data owners. Since September 2025, this research is supported by an ERC Starting Grant awarded by the European Research Council.

Research has shown that trained ML models do not necessarily provide privacy for the underlying training datasets, as some attacks allow to restore (aspects of) the training data from the model parameters (e.g. model inversion attacks), or others allow to find out if an individual data point was included in the training dataset or not (membership inference attacks). Both can be harmful for the privacy of the individuals whose data is represented in the training dataset. Therefore, protecting privacy in ML models is a crucial task. I’m currently mainly researching in the area of Differential Privacy, a mathematical framework that provides formal privacy guarantees. I’m also looking into the practical evaluation of privacy loss and into the identification of potential sources for privacy leakage in privacy preserving technologies. Identifying such pain points allows us to develop a better understanding on why practical privacy stays behind the strong theoretical guarantees. This helps in adapting and extending theoretical frameworks, their implementations and their integration into real-worlds systems for enhanced privacy in practice.

Initiatives

Beyond my research, I am passionately organizing a European Hackathon Championship in AI and Cybersecurity. This is a multi-national event to promote the topics of AI and Cybersecurity. In total, we will be having five local rounds of hackathons with challenges inspired by my research and implemented by my lab. The winners from the local rounds will then be invited to join the Grand Final in July 2026 to compete for the title for European Champion. If you want to learn more about the past events, you can check out our webpage, or read what drives me.

News

• December 2025: I was named a Werner-von-Siemens-Fellow.
• September 2025: I received one of the 24 ERC Starting Grants that were awarded this year over the entire EU+UK+Switzerland+Israel in computer science. Excited to start my project Privacy4FMs.
• September 2025: I will be serving as an Area Chair for this year’s ICLR conference.
• July 2025: I am co-organizing two workshop at ICML’25 in Vancouver: MemFM on the Impact of Memorization on Trustworthy Foundation Models, and DIG-BUGS on Building Reliable and Trustworthy Generative AI. Hope to see you there.
• June 2025: I will be track chair the track on Machine Learning for this year’s ACM AsiaCCS conference.
• June 2025: I will be serving as an Area Chair for this year’s NeurIPS conference.
• May 2025: Our SprintML Lab has three accepted papers for ICML’25.
• April 2025: I was named Distinguished Reviewer for the SaTML conference the second year in a row.
• February 2025: Our paper on ownership resolution for diffusion models was accepted to CVPR’25.
• January 2025: Our SprintML Lab has three papers accepted for ICLR’25.
• January 2025: I received the third price of the Academics Rising Start Award (Nachwuchspreis) that honors the most outstanding researchers in Germany over all German universities, over all fields, and over all scientific ages. I feel very honored for this recognition.
• December 2024:: Our work on facilitating differentially private learning through private prototypes was accepted to AAAI’25.
• October 2024: We kicked-off our ILLUMINATION research grant project that I am coordinating.
• September 2024: Three of our papers were accepted to NeurIPS’24. Excited to present our work on localizing memorization in SSL vision encoders’ parameters, neuron interventions in diffusion models to prevent privacy leakage, and on private large language model adaptations in Vancouver!
• September 2024: I was named a GI Junior-Fellow for my work on trustworthy ML and my committment to diversity in computer science.
• July 2024: All lectures from my new lecture series on Trustworthy Machine Learning are now online.
• June 2024: We reached another milestone, our SprintML Lab research group has reached 20 members (from 10 different countries!). Super exciting.
• May 2024: We are presenting our novel work on Memorization in Self-Supervised Learning at the ICLR conference in Vienna.
• April 2024: My seminar on Differential Privacy in Machine Learning was awarded the Saarland Univeristy Busy Beaver Teaching Award.
• January 2024: My PhD dissertation was awarded the 2nd Prize in the Fraunhofer IuK Dissertation Award.
• September 2023: I am excited that three of our papers were accepted at the NeurIPS conference.
• September 2023: I started as a tenure track faculty at CISPA.
• July 2023: Meet me at the PETs and IEEE Euro S&P conference, where I will be presenting our work on Individually Privaet Machine Learning, Privacy Assessment of Synthetic Data, Privacy Risks in Federated Learning, and Data Extraction Attacks in Federated Learning
• December 2022: Our Workshop on Trustworthy ML under Limited Data and Compute was accepted for ICLR’23. CfP here.
• November 2022: Paper accepted for publication at PETS’23: A Unified Framework for Quantifying Privacy Risk in Synthetic Data.
• September 2022: Paper accepted at the 36th Conference on Neural Information Processing Systems (NeurIPS’22): Dataset Inference for Self-Supervised Models.
• September 2022: Paper accepted for publication at PETS’23: Individualized PATE: Differentially Private Machine Learning with Individual Privacy Guarantees.
• September 2022: We’re presenting our paper on Introducing Model Inversion Attacks on Automatic Speaker Recognition at the 2nd Symposium on Security and Privacy in Speech Communication (SPSC).
• August 2022: I’m happy to announce that I finalized my PhD duties and will be joining the Canadian Vector Institute as a Postdoctoral Fellow under the supervision of Prof. Dr. Nicolas Papernot by the end of the month.
• April 2022: Super proud that my interview on Differential Privacy with the Google-Aufbruch magazine made it to the title page.—>