Portrait of Ulrich Aivodji

Ulrich Aivodji

Associate Academic Member
Assistant Professor, École de technologie supérieure (ETS), Department of Software and Information Technology Engineering
École de technologie supérieure
Research Topics
Data Mining
Deep Learning
Optimization
Representation Learning
Website
Google Scholar

Biography

Ulrich Aïvodji is an assistant professor of computer science in the Software and Information Technology Engineering Department of the École de technologie supérieure (ÉTS) in Montréal. He also leads the Trustworthy Information Systems Lab (TISL).

Aïvodji’s research areas are computer security, data privacy, optimization and machine learning. His current research focuses on several aspects of trustworthy machine learning, such as fairness, privacy-preserving machine learning and explainability.

Before his current position, he was a postdoctoral researcher at Université du Québec à Montréal, where he worked with Sébastien Gambs on machine learning ethics and privacy.

He earned his PhD in computer science from Université Paul-Sabatier (Toulouse) under the supervision of Marie-José Huguet and Marc-Olivier Killijian. He was affiliated with two research groups at the Systems Analysis and Architecture Laboratory–CNRS, one on dependable computing, fault tolerance and operations research, and another on combinatorial optimization and constraints.

Current Students

Maryam Babaei
PhD - École de technologie suprérieure
Github
Eliott Baltz
Master's Research - École de technologie suprérieure
Github
Zahra Batool
Postdoctorate - École de technologie suprérieure
Github
Chayma Ben Abdeljelil
Master's Research - École de technologie suprérieure
Github
Meghana Bhange
PhD - École de technologie suprérieure
Co-supervisor :
Samira Ebrahimi Kahou
Website
Github
Google Scholar
Ayana Hussain
Collaborating researcher - Simon Fraser University
Github
Google Scholar
Patrik Kenfack
PhD - École de technologie suprérieure
Co-supervisor :
Samira Ebrahimi Kahou
Website
Github
Google Scholar
Killijian Marc-Olivier
Independent visiting researcher - UQAM
Louis Tremblay Thibault
PhD - École de technologie suprérieure
Website
Yingke Wang
Collaborating researcher - University of Waterloo
Github
Itai Zehavi
Research Intern - École de technologie suprérieure (ÉTS)
Github
LinkedIn

Publications

IDP-Bench: Benchmarking ability of LLMs to protect personal information in interdependent privacy contexts
Ayana Hussain
Soumya Sharma
Golnoosh Farnadi
Nicholas Vincent
Héber Hwang Arcolezi
Ulrich Aivodji
Large language models (LLMs) are becoming widely deployed as personal AI assistants with access to sensitive user data, making privacy a maj… (see more)or challenge for their design and evaluation. Prior work focuses mainly on individual-level risks, overlooking \textbf{interdependent privacy (IDP)}--where one person's data may be revealed by others without their knowledge or consent. We address this gap by introducing \textbf{IDP-Bench}: the first LLM benchmark for IDP scenarios, grounded in the Contextual Integrity (CI) framework. We evaluate eight open-source LLMs on their understanding of IDP scenarios across three levels of IDP reasoning using two LLM judges. Results show strong co-ownership recognition (6/8 models exceed 90\%) but persistent weaknesses in identifying CI parameters (information attribute, primary subject) and IDP-specific parameters such as secondary subjects, where 7/8 models score below 74\%. Models also struggle to judge sharing appropriateness (5/8 scoring below 77\%). While the ability to judge the appropriateness of sharing improves with scale, performance tends to decline in smaller models, and prompt sensitivity remains high on IDP-specific questions--highlighting the need for more targeted study of IDP in LLM privacy research. Data \& code available \href{https://github.com/tisl-lab/Interdependent_Privacy_Bench}{here}.
2026-06-05
arXiv (preprint)
doi.org
arxiv.org
Model Stealing Through the Lens of Model Multiplicity
Eliott Baltz
Satoshi Hara
Ulrich Aivodji
Model stealing attacks, where adversaries create high-fidelity surrogate models, are a significant threat to the intellectual property of ma… (see more)chine learning services. Conventional wisdom suggests these surrogates could provide adversaries with economic leverage comparable to the original service providers. This paper challenges this assumption by evaluating model stealing attacks beyond mere fidelity to the target model. Because query-based extraction provides only partial supervision of the target's input-output behavior, the surrogate is not uniquely identified: many near-optimal surrogates can achieve comparable fidelity while differing in deployment-relevant properties. Instead of performing a classic learning-based model stealing attack, we compute the Rashomon Set (i.e., the set of almost-equally-accurate models) of surrogate models, and evaluate its diversity using multiplicity metrics (ambiguity, discrepancy and rashomon capcity) and group fairness metrics. Our experiments on real-world datasets reveal that despite exhibiting similar fidelity to the target model, surrogate models can display significant variances in other critical performance metrics. These findings cast doubt on the presumed equivalence between high-fidelity surrogates and the target model in practical deployment scenarios.
2026-05-19
DMP @ Canadian Conference on Artificial Intelligence and Conference on Robots and Vision (oral)
openreview.net
openreview.net
Challenges in Using LLM Agents to Validate Agent Governance
Ayana Hussain
Ulrich Aivodji
Héber Hwang Arcolezi
The increasing deployment of Large Language Models (LLMs) as autonomous agents has intensified the need for credible and trustworthy methods… (see more) to evaluate governance interventions. Motivated by recent research, this work considers the use of LLM and agent-based simulations to evaluate AI agent governance mechanisms before real-world deployment. While conceptually appealing, this approach introduces various challenges. We examine three such problems: (1) obtaining ground truth for validation, (2) determining whether observed behaviors represent actual agent operations or simulation artifacts, and (3) obtaining consent for data use, and addressing ethical concerns about computational surrogates replacing real users. We also outline considerations based on documented limitations, aiming to catalyze workshop discussion on trustworthy and reliable evaluation methods for agent governance.
2026-05-08
PoliSim @ ACM Conference on Human Factors in Computing Systems (published)
openreview.net
openreview.net
Fairwashing: the risk of rationalization
Ulrich Aivodji
Hiromi Arai
Olivier Fortineau
Sébastien Gambs
Satoshi Hara
Alain Tapp
Black-box explanation is the problem of explaining how a machine learning model -- whose internal logic is hidden to the auditor and general… (see more)ly complex -- produces its outcomes. Current approaches for solving this problem include model explanation, outcome explanation as well as model inspection. While these techniques can be beneficial by providing interpretability, they can be used in a negative manner to perform fairwashing, which we define as promoting the false perception that a machine learning model respects some ethical values. In particular, we demonstrate that it is possible to systematically rationalize decisions taken by an unfair black-box model using the model explanation as well as the outcome explanation approaches with a given fairness metric. Our solution, LaundryML, is based on a regularized rule list enumeration algorithm whose objective is to search for fair rule lists approximating an unfair black-box model. We empirically evaluate our rationalization technique on black-box models trained on real-world datasets and show that one can obtain rule lists with high fidelity to the black-box model while being considerably less unfair at the same time.
2019-05-23
Proceedings of the 36th International Conference on Machine Learning (published)
doi.org
proceedings.mlr.press