Schwinn team

SECURE MACHINE LEARNING

Leo Schwinn – Group leader

SECURE MACHINE LEARNING

Schwinn's Lab research focuses on secure machine learning: understanding, measuring, and improving the resilience of machine learning models to adversarial attacks, distribution shifts, and unsafe outputs. A core focus of his work is studying the vulnerabilities of large language models (LLMs), including the reliability of safety evaluations, adversarial training, and machine unlearning. He also works on data-efficient learning, foundation models for time-series forecasting, and small detail processing in VLMs.

Leo is a faculty member of the ELLIS Unit Munich and a visiting researcher at the Mila Quebec AI Institute, where he is hosted by Prof. Gauthier Gidel. He joined Helmholtz AI in May 2026, hosted at Helmholtz Munich.

External website: Visit Leo Schwinn's research website →

Research lines

Robust Machine Learning
Adversarial Attacks and Defenses
Large Language Model Safety
Data-Efficient Learning
Foundation Models for Time-Series
Small Detail Processing in VLMs

Publications and projects

L. Schwinn, M. Ladenburger, T. Beyer, M. Mofakhami, G. Gidel, S. Günnemann. 2026. "A Coin Flip for Safety: LLM Judges Fail to Reliably Measure Adversarial Robustness". ICML 2026

T. Beyer, S. Xhonneux, S. Geisler, G. Gidel, L. Schwinn, S. Günnemann. 2025. "LLM-Safety Evaluations Lack Robustness". ICML 2026

Y. Scholten, S. Xhonneux, L. Schwinn, S. Günnemann. 2025. "Model Collapse Is Not a Bug but a Feature in Machine Unlearning for LLMs". ICLR 2026

Y. Scholten, S. Günnemann, L. Schwinn. 2024. "A Probabilistic Perspective on Unlearning and Alignment for Large Language Models". ICLR 2025 (Oral)

S. Xhonneux, A. Sordoni, S. Günnemann, G. Gidel, L. Schwinn. 2024. Efficient adversarial training in llms with continuous attacks, NeurIPS 2024 (Spotlight)

Schwinn team

SECURE MACHINE LEARNING

Selected publications