Cyber-Immune Medical AI: Securing Future Healthcare Systems Against Adversarial, Privacy, and Agentic AI Threats

Core PhD Question

How can we design future medical AI systems that remain secure, privacy-preserving, explainable, and clinically reliable when exposed to adversarial attacks, prompt injection, poisoned data, privacy leakage, and unsafe autonomous AI-agent behaviour?

This PhD investigates how next-generation healthcare AI systems can be protected before they are trusted in real clinical environments. The focus is not only on making AI models accurate, but on making them resilient, safe, and trustworthy when operating under realistic security threats.

What We Are Not Planning to Do

This project is not about building a standard disease-diagnosis model or simply improving classification accuracy on medical datasets.

It is also not focused on replacing doctors, giving direct medical advice, or developing a clinical product for hospital deployment during the PhD.

The project is not limited to ordinary machine-learning evaluation where models are tested only on clean datasets.

It is also not just a general cybersecurity project disconnected from healthcare. The security problems studied here must be directly linked to medical AI systems, clinical workflows, patient data, or healthcare decision-support environments.

What We Are Planning to Do

This project will study the security and privacy risks of AI systems used in healthcare, especially systems based on large language models, vision-language models, transformer models, and autonomous AI agents.

The project may investigate attacks such as prompt injection, adversarial medical-image manipulation, poisoned clinical records, unsafe AI-agent actions, membership inference, privacy leakage, and manipulation of AI-generated clinical recommendations.

The PhD candidate will design and evaluate a security-aware medical AI framework that can detect risky inputs, unsafe outputs, suspicious model behaviour, privacy-sensitive responses, and clinically dangerous recommendations.

The project may include the development of a runtime safety layer that works like a “cyber-immune system” for medical AI. This layer can monitor AI behaviour, assign risk scores, explain why an output may be unsafe, and prevent high-risk responses from reaching clinicians or patients without further review.

The project can use medical text, medical images, multimodal datasets, electronic health record-style data, or simulated clinical AI-agent workflows. The exact scope can be refined based on the candidate’s background and available datasets.

Possible PhD Contribution Expectations

• Medical AI Threat Model: A detailed threat model for future healthcare AI systems, covering medical LLMs, medical vision-language models, clinical chatbots, AI agents, and AI-enabled decision-support systems.
• Healthcare AI Attack Benchmark: A benchmark or simulation environment for testing how medical AI systems behave under adversarial, privacy, and prompt-injection attacks.
• Security-Aware Medical AI Framework: A novel defense framework that identifies malicious inputs, unsafe outputs, suspicious reasoning paths, and privacy-sensitive responses in medical AI systems.
• Cyber-Immune Runtime Safety Layer: A monitoring layer that continuously checks AI behavior during use and assigns risk scores before the output is trusted in a healthcare setting.
• Privacy-Preserving Medical Intelligence: Integration of methods such as federated learning, differential privacy, secure representation learning, or privacy-aware synthetic data generation to reduce patient-data exposure.
• Explainable Clinical Risk Assessment: An explainable AI component that helps clinicians understand why an AI output is considered safe, unsafe, uncertain, privacy-risky, or potentially manipulated.