Aditya Sharma

Computer Science  ·  BITS Pilani Dubai  ·  2027

I audit the things people are afraid to look inside.

Neural networks, mostly. Occasionally institutions. The findings tend to be the same: everyone assumed someone else had already checked.


“A heavy crown, worn gently.”

Research  ·  The Vault

Work that sits at the edge of what the field has formally looked at so far.

I don’t think that’s because I’m particularly special. I just tend to ask the obvious question one step too early, before the consensus has decided what the answer should be.

QResP — Quantum-Resilient Provenance for ML Supply Chains

Solo research  ·  CS F376  ·  Jan 2026–present
Targeting USENIX Security 2027

I wanted to know something simple: of the most-downloaded AI models in the world, how many can you actually verify?

I built QResP — an open-source Python package that crawls HuggingFace, parses every model’s cryptographic metadata, and classifies it by quantum vulnerability. Then I ran it on the top 1,000 models by all-time downloads.

99.8% carry no cryptographic signature at all. The two that do — IBM and OpenAI — both use ECDSA P-256. That’s broken by Shor’s algorithm. Post-quantum adoption: 0%.

I’ve mapped every finding to the EU AI Act’s provenance and technical documentation requirements. The gap between what the regulation asks for and what actually exists is, to put it mildly, substantial.

The tool is MIT-licensed and open. I thought it was important that anyone who wanted to check my work could.

Post-Quantum Cryptography  ·  ML Security  ·  EU AI Act

LLM Backdoor Auditing via Stackelberg Security Games

Game theory lead  ·  Research team  ·  Feb 2026–present
ICML 2026 Mechanistic Interpretability Workshop

The question was whether you could think about a compromised language model not as a broken artefact, but as an adversary in a well-defined game — and whether, if you framed it that way, you could prove something useful about how to catch it.

I led the game-theoretic component. We model the interaction between an auditor and a LoRA-poisoner as a two-player Stackelberg Security Game on Pythia-410M. My contribution was the equilibrium analysis: deriving the defender’s best response under attacker-type uncertainty, and the robustness proofs that make the audit policy meaningful rather than just elegant.

The ongoing extensions include a multi-type attacker model across six threat intensities, fairness benchmarks on COMPAS and Adult Income datasets, and scaling across Pythia 410M through 6.9B and Llama-2-7B/13B.

Mechanistic Interpretability  ·  Game Theory  ·  Trustworthy AI

Adversarial Attacks on Vision-Language-Action Models

Deep Learning  ·  CS F425  ·  Jan 2026–present

Phase one: implement Patch-based PGD and Greedy Coordinate Gradient attacks against SmolVLM as a VLA proxy, comparing image-space versus text-space attack difficulty. We achieved 76% untargeted and 34% targeted attack success rate.

Phase two — XTransferBench — was the more interesting question: do CLIP-trained universal adversarial perturbations transfer to VLA action prediction via SigLIP? Three open gaps in the literature, directly addressed.

The short answer is that they do, partially, in ways that are specific enough to matter.

Adversarial ML  ·  VLA Models  ·  Transfer Attacks

Dynamic ELO Tennis Match Predictor

Data Science  ·  CS F320  ·  March 2026

The standard ELO model for tennis has been stuck below 70% accuracy on Grand Slam data for years. The literature ceiling from Wilkens 2021 sits at 70%.

We augmented standard ELO with a learned contextual shift — Ω = β₁F + β₂C + β₃B, where F is fatigue, C is clutch, and B is a biometric edge proxy — using a surface-specific XGBoost ensemble trained on 16,000+ Grand Slam matches from 1990 to 2024.

On a fully unbiased 2024 test set: 73.5% accuracy, AUC 0.818. Above the literature ceiling. I mention it because the methodology generalises to places tennis doesn’t.

XGBoost  ·  ELO Modelling  ·  Sports Analytics

Privacy in Person Re-Identification

Collaboration  ·  IIT Delhi & IIT Madras  ·  Ongoing
Supervised by Dr. Tamizharasan Periyasamy

A cross-institutional project on what surveillance-capable vision systems owe to the people they watch. The technical question is how to build re-identification that works without building a permanent record of everywhere someone has ever been.

I find it’s one of those problems where the engineering decisions are genuinely ethical decisions wearing different clothes.

Computer Vision  ·  Privacy  ·  Re-Identification

Work  ·  The Blueprint

The work never stays inside the problem I started with.

Somewhere along the way it usually ends up touching something that affects people who never asked to be in a research paper. I’ve stopped treating that as a surprise.

June – August 2025

IIT (BHU), Varanasi

Research Intern

Algorithmic Pricing Audit

I spent a summer checking whether ride-hailing apps charge people fairly.

I built ML classifiers and ran statistical hypothesis tests to isolate device type — your phone model and operating system — as a significant fare predictor, after controlling for route, time of day, and demand. Around 38% of the rides we sampled showed pricing discrimination patterns that shouldn’t exist in a fair market.

“I just built something rigorous enough that it couldn’t be dismissed, and asked it a question the platforms would have preferred nobody asked.”

The findings were co-authored and presented to the Ministry of Consumer Affairs, Government of India. They’re informing policy discussions on fair-pricing regulation for aggregator platforms.

August 2025 – January 2026

Registrar’s Office, BITS Pilani Dubai

Professional Assistant

KHDA Data & Automation

I built the Python automation that replaced manual data entry for student registration on the KHDA portal — the government body that oversees education in Dubai. I owned validation and reconciliation of the institutional datasets: admissions, academics, welfare records. I found inconsistencies nobody had noticed. I fixed them.

It’s the least glamorous thing on this page. It’s also the one I’d point to if someone asked whether I understand how institutions actually function — not in theory, but in the specific, unglamorous way that determines whether a student’s record is correct three years from now when it matters.

March 2020 – February 2022

ANSOZ Creations

Operations Manager

Pandemic Response App  —  150,000 users

I was sixteen. We built a pandemic-response application and it ended up with 150,000 active users. I ran operations — engineering coordination, content, government liaison — while that number kept climbing.

What I learned wasn’t on any syllabus. It was that when something matters urgently to a lot of people simultaneously, every product decision is a decision about them. I’ve not been able to think about technology any other way since. I’ve stopped trying.

The thread

I keep finding myself in rooms where the technical question and the human question are the same question. A pricing audit becomes a policy submission. A provenance tool becomes a compliance gap. An adversarial benchmark becomes a question about what we owe the people downstream.

I don’t think that’s a coincidence. I think it’s what rigorous work looks like when it’s pointed at real things.

Writing  ·  The Log

I write when something has clarified enough to be worth saying.

Not often. Not for the sake of it.

Essay

On asking the obvious question

Reading time ≈ 5 min

Most fields have questions that everyone is technically capable of asking and nobody has formally asked, because the answer might be inconvenient or the question might seem too simple. I’ve found that those are usually the most important ones. QResP started as: has anyone actually checked? The answer, as it turned out, was no.

Essay

On what a pricing audit taught me about evidence

Reading time ≈ 4 min

A number only changes a room if it was built carefully enough that it can’t be argued away. That summer at IIT BHU was, more than anything, a lesson in the craft of constructing an argument that a regulator can’t politely set aside.

Essay

On building things that last past the paper

Reading time ≈ 6 min

There’s a version of research that ends at submission. I find that version unsatisfying. QResP is MIT-licensed because I wanted it to exist in the world as a tool, not just a finding. I think of this less as ambition and more as just finishing what you started.

Short note

On working with people smarter than you

Reading time ≈ 2 min

I’ve been lucky enough to collaborate with researchers at IIT Delhi, IIT Madras, and IIT BHU. The thing nobody tells you about working with people who are very good is that it’s mostly just embarrassing in a productive way.