We are pleased to share the 3IA Côte d’Azur’s researchers’ new publications.
29th International Conference on Medical Image Computing And Computer Assisted Intervention (MICCAI 2026), September 2026, Strasbourg (France)
- High-Capacity Robust Medical Image Exfiltration via Neural Network Weight Replacement
Elie Thellier, Huiyu Li (AI Cluster Ph.D. student Alumni), Nicholas Ayache (AI Cluster Chairholder), Hervé Delingette (AI Cluster Chairholder)
Abstract: Collaborative medical AI platforms allow researchers to train models on sensitive imaging data while restricting data export. However, trained models can serve as covert carriers of patient information: medical images may be encoded within model parameters and reconstructed outside the secure environment. Existing defenses rely on lightweight sanitization (e.g., fine-tuning, pruning, quantization) and limited statistical auditing, creating a realistic insider exfiltration risk. We introduce a high-capacity neural steganography attack that encodes medical images as continuous latent representations embedded directly into model initialization. A StyleGAN2-based adversarial autoencoder learns compact latent codes, which are regularized to match the statistical moments of standard weight initialization, making embedded parameters statistically consistent with clean models. Noise injection during training improves robustness to optimization and export-time mitigation. The resulting model remains functional on its intended medical task, while hidden images can be reconstructed directly from its weights after export. This continuous encoding enables robust and scalable exfiltration, allowing up to 99 brain MRI volumes to be embedded within a 30MB model, and remains recoverable under mitigations that disrupt prior bit-level schemes. Experiments on MIMIC-CXR, BraTS, and LiTS demonstrate effectiveness across modalities, tasks, and architectures, highlighting the need for structural defenses beyond parameter-level sanitization.
Read the paper
- Data-Driven Optimization of Prostate Sectorization from MRI
Florencia Boccarato, Fahym Bounazou, Hye-Lim Lee, R. Renard Penna, Hervé Delingette (AI Cluster Chairholder)
Abstract: The PI-RADS sectorization scheme serves as the standard clinical language for reporting prostate lesion locations and guiding biopsies. However, the mapping of those discrete anatomical sectors into MR image coordinates has not been standardized and currently relies on rigid geometric scripts that are non-differentiable and often anatomically incomplete. In this paper, we propose a differentiable geometric framework that learns a global consensus sectorization template in a canonical coordinate space. By parameterizing sector boundaries as learnable primitives, our model distills an anatomical prior from expert annotations via gradient descent. During inference, this global template is projected onto patient-specific zonal masks, ensuring the sectors adapt to individual morphology while strictly enforcing PI-RADS topological constraints. Evaluation on internal (N=84) and external (ProstateX, N=50) cohorts demonstrates a significant improvement in Anterior-Posterior division over state-of-the-art baselines and provides a complete 24-sector mapping by incorporating previously omitted Lateral-Central partitions. By providing a bi-directional differentiable bridge between 3D MRI clinical nomenclature, this framework enables the spatial localization of sector based biopsy results within the 3D volume. This unlocks massive clinical registries for weak-supervision tasks and establishes a foundational tool for standardized, spatially-indexed data curation.
Read the paper
42nd Conference on Uncertainty in Artificial Intelligence (UAI 2026), August 2026, Amsterdam (Nehterlands)
- Beyond Mixtures and Products for Ensemble Aggregation: A Likelihood Perspective on Generalized Means
Raphaël Razafindralambo (AI Cluster Ph.D. student), Rémy Sun, Frédéric Precioso, Damien Garreau, Pierre-Alexandre Mattei (3IA Deputy Scientific Director and Chairholder)
Abstract: Density aggregation is a central problem in machine learning, for instance when combining predictions from a Deep Ensemble. The choice of aggregation remains an open question with two commonly proposed approaches being linear pooling (probability averaging) and geometric pooling (logit averaging). In this work, we address this question by studying the normalized generalized mean of order r \in \mathbb{R} \cup \{-\infty,+\infty\} through the lens of log-likelihood, the standard evaluation criterion in machine learning. This provides a unifying aggregation formalism and shows different optimal configurations for different situations. We show that the regime r \in [0,1] is the only range ensuring systematic improvements relative to individual distributions, thereby providing a principled justification for the reliability and widespread practical use of linear (r=1) and geometric (r=0) pooling. In contrast, we show that aggregation rules with r \notin [0,1] may fail to provide consistent gains with explicit counterexamples. Finally, we corroborate our theoretical findings with empirical evaluations using Deep Ensembles on image and text classification benchmarks.
Read the paper
35th International Joint Conference on Artificial Intelligence (IJCAI 2026), August 2026, Bremen (Germany)
- Constraining Generative Models : A Survey from the Constraint Programming Perspective (survey track)
Alexandre Bonlarron, François Pachet, Pierre Roy, Jean-Charles Régin (AI Cluster Chairholder)
Abstract: Generative models produce long and high probability sequences, yet they often fail to satisfy explicit constraints set by users. Over the past two decades, Constraint Programming (CP) has provided a complementary paradigm: combining generative models with a constraint solver to guarantee feasibility. This survey reviews the main concepts behind these CP-driven hybrid approaches, from enforcing ubiquitous structural rules (e.g., length and patterns) to preventing plagiarism. It synthesizes how learned models can be treated as constraints, compiled structures, or probabilistic factors. We highlight what has remained stable across applications, then discuss how these principles transfer to the Large Language Model era and outline open challenges for controllable and trustworthy generative systems.
43rd International Conference on Machine Learning (ICML 2026), July 2026, Seoul (South Corea)
- Towards Understanding Steering Strength
Magamed Taimeskhanov, Samuel Vaiter (AI Cluster Chairholder), Damien Garreau
Abstract: A popular approach to post-training control of large language models (LLMs) is the steering of intermediate latent representations. Namely, identify a well-chosen direction depending on the task at hand and perturbs representations along this direction at inference time. While many propositions exist to pick this direction, considerably less is understood about how to choose the magnitude of the move, whereas its importance is clear: too little and the intended behavior does not emerge, too much and the model's performance degrades beyond repair. In this work, we propose the first theoretical analysis of steering strength. We characterize its effect on next token probability, presence of a concept, and cross-entropy, deriving precise qualitative laws governing these quantities. Our analysis reveals surprising behaviors, including non-monotonic effects of steering strength. We validate our theoretical predictions empirically on eleven language models, ranging from a small GPT architecture to modern models.
Read the paper
- Alphasurf: on-the-fly surface computations for protein representation learning (poster)
Victor Gertner, Frédéric Cazals (AI Cluster Chairholder), Vincent Mallet
Abstract: Several protein surfaces have been proposed for visualization purposes, and more. Recently, machine learning approaches incorporating surfaces as a biomolecular representation have emerged with strong performances, at the cost of increased computations. In this paper, we argue that this burden can be avoided. We propose a method to compute surfaces on-the-fly with no overhead and no performance loss.
Read the paper
Transactions on Machine Learning Research, May 2026
- Learning Energy-Based Models by Self-normalising the Likelihood
Hugo Senetaire, Paul Jeha, Jes Frellsen, Pierre-Alexandre Mattei (3IA Deputy Scientific Director and Chairholder)
Asbtract: Training an energy-based model (EBM) with maximum likelihood is challenging due to the intractable normalisation constant. Traditional methods rely on expensive Markov chain Monte Carlo (MCMC) sampling to estimate the gradient of logartihm of the normalisation constant. We propose a novel objective called self-normalised log-likelihood (SNL) that introduces a single additional learnable parameter representing the normalisation constant compared to the regular log-likelihood. SNL is a lower bound of the log-likelihood, and its optimum corresponds to both the maximum likelihood estimate of the model parameters and the normalisation constant. We show that the SNL objective is concave in the model parameters for exponential family distributions. Unlike the regular log-likelihood, the SNL can be directly optimised using stochastic gradient techniques by sampling from a crude proposal distribution. We validate the effectiveness of our proposed method on various density estimation and parameter estimation tasks. Our results show that the proposed method, while simpler to implement and tune, outperforms existing techniques for small to moderate dimensions but degrades for high-dimensional problems. We extend this framework to handle EBM for regression and show the usefulness of our method in this setting, as we outperform existing techniques.
Read the paper
- Think2SQL: Blueprinting Reward Density and Advantage Scaling for Effective Text-to-SQL Reasoning
Simone Papicchio, Simone Rossi, Luca Cagliero, Paolo Papotti (AI Cluster Chairholder)
Abstract: While Large Language Models (LLMs) have advanced the state-of-the-art in Text-to-SQL, robust reasoning in complex, multi-table environments remains a bottleneck for parameter-efficient models. This paper presents a systematic empirical study on injecting reasoning capabilities into Text-to-SQL through the lens of Reinforcement Learning with Verifiable Rewards (RLVR) for the Qwen3 model family. We uncover a critical interplay between reward density, advantage scaling, and model capacity. Our analysis yields four primary insights. First, we propose a novel execution-guided dense reward function that significantly outperforms binary signals and existing state-of-the-art rewards by providing granular feedback at the instance level. Second, we analyze the mechanics of advantage calculation, demonstrating that while large models thrive on sparse signals with aggressive advantage scaling, smaller models require dense rewards and conservative scaling to improve Text-to-SQL performance. Third, we evaluate the impact of cold start showing that distillation does not always benefit RLVR performance, and supervised fine-tuned models are prone to distributional mimicry. Fourth, we map the Pareto frontier of training efficiency, providing insights for optimizing Text-to-SQL reasoning under computational constraints. Our findings culminate in the Think2SQL family: our 4B-parameter model demonstrates reasoning capabilities competitive with state-of-the-art models such as o3. We release our models, datasets, and code to create a blueprint for RLVR optimization in Text-to-SQL.
Github
Read the paper
