Researcher · Lecturer

Philipp Haindl
Security, Safety & Reliability
of AI-Integrated Software Systems

I work at the intersection of software security, AI systems, and software architecture — researching how AI-integrated applications can be built, tested, and evaluated for security and reliability.

University of Applied Sciences St. Pölten

Research

My research is organized around four streams. I actively supervise theses and welcome collaboration on these topics.

01
AI Security Testing
How can AI-integrated applications be systematically tested for security vulnerabilities?
Adversarial robustness of generative AI systems, prompt injection, red-teaming methodologies, and automated security evaluation of AI-augmented software. Includes both LLM-specific attack surfaces and broader AI system security.
Topics: Generative AI Security · Prompt Injection · Red-Teaming · Open for theses
02
Architecture Security
What security threats does a given software architecture bring with it, and how can they be mitigated?
Different architectural styles — microservices, event-driven architectures, CQRS, event sourcing, serverless/Lambda — each introduce distinct attack surfaces and trust boundaries. I study architecture-specific threats, inter-service security, API gateway security, and runtime detection patterns for distributed and cloud-native systems.
Topics: Microservices · Serverless · Event-Driven · API Security · Runtime Detection · Open for theses
03
AI in Software Engineering
How do AI coding assistants affect software quality, security, and developer practice?
Empirical studies on LLM-generated code quality, cognitive complexity, security implications of AI-assisted development, and pedagogical approaches to AI-augmented software engineering education.
Topics: AI in SE · Code Quality · LLM-Assisted Development · Open for theses
04
AI Agent Security
How can AI agent infrastructures be made secure, private, and reliable?
As AI agents built on protocols like MCP interact with external tools and sensitive data, new security and privacy challenges emerge. I study threat models for agent-based systems, privacy-preserving architectures using Trusted Execution Environments, and performance-security trade-offs in vector database retrieval for AI agents.
Topics: AI Agents · MCP Security · Trusted Execution Environments · Privacy-Preserving AI · Open for theses

Publications

2026 · Haindl P., Kochberger P. · Twenty Years of the Java Virtual Machine Tool Interface: A Systematic Literature Review · Under Review
2026 · Haindl P. · ReviQ: A Systematic Literature Review Workbench · Under Review
2026 · Haindl P., Eigner O., Kieseberg P. · Beyond AI Delegation: A Prompt Pattern Framework for Productive Struggle and Evaluative Judgement in Secure Coding Education · Under Review
2025 · Bosilia N., Weinberger G., Haindl P. · European Conference on Software Architecture 2025, Springer, pp. 171–186
2024 · Haindl P., Kochberger P., Sveggen M. · IEEE Access, vol. 12, pp. 90252–90286
2024 · Haindl P., Weinberger G. · IEEE Access, vol. 12, pp. 114146–114156
2024 · Haindl P., Weinberger G. · IEEE Access, vol. 12, pp. 43519–43529
2024 · Kochberger P., Haindl P., Battaglin M., Felbauer P. · ERCIM News, no. 139
2023 · Buchgeher G., Schöberl S., Geist V., Dorninger B., Haindl P., Weinreich R. · IEEE Access, vol. 11, pp. 63725–63740
2022 · Haindl P., Buchgeher G., Khan M., Moser B. · IEEE/ACM International Conference on Software Engineering, New Ideas and Emerging Results 2022, pp. 96–100
2022 · Haindl P., Hoch T., Dominguez J., Aperribai J., Ure N.K., Tunçel M. · International Conference on the Quality of Information and Communications Technology 2022, Springer, pp. 3–17
2022 · Haindl P., Plösch R. · IET Software, vol. 16, no. 2, pp. 167–184
2020 · Haindl P., Plösch R., Körner C. · Euromicro Conference on Software Engineering and Advanced Applications 2020, pp. 34–42
2020 · Haindl P., Plösch R. · Euromicro Conference on Software Engineering and Advanced Applications 2020, pp. 394–403
2020 · Haindl P., Plösch R. · International Workshop on Software Measurement 2020
2019 · Haindl P., Plösch R., Körner C. · Euromicro Conference on Software Engineering and Advanced Applications 2019, pp. 19–28
2019 · Haindl P., Plösch R. · IEEE International Conference on Software Architecture 2019, pp. 91–94
2019 · Haindl P., Plösch R., Körner C. · International Working Conference on Requirements Engineering: Foundation for Software Quality 2019, Springer, pp. 297–303
2018 · Haindl P. · ACM/IEEE International Conference on Automated Software Engineering 2018, pp. 920–923

Full list on Google Scholar · ORCID · ResearchGate

Theses

Student names omitted for privacy. · Contact me if you are interested in an open topic.

AI Security, Red-Teaming & Adversarial Testing
Red-Teaming Generative AI Systems for Enhanced Code Security: An Iterative Vulnerability Detection and Repair Prototype · Master · open
Iterative LLM-Based Red-Teaming for Automated Code Vulnerability Detection and Repair · Master · open
Ontology of Prompt Injection Attacks in LLM-Integrated Applications · Master · in progress
Agentic AI for Linux Penetration Testing: Behavioural Analysis and System Constraints of Locally Hosted Unrestricted Language Models · Master · in progress
Agentic Penetration Testing with AI Agents · Bachelor · in progress

Secure Software Engineering & AI-Assisted Development
Cognitive Complexity of AI-Generated Code · Bachelor · in progress
Practical Relevance and Evaluation of Java Secure Coding Guidelines · Bachelor · in progress
Using AI for Specification and Iterative Refinement of Software Security Requirements · Bachelor/Master · open
Implementation Status and Challenges of the NIST Secure Software Development Framework (SSDF) in Practice · Bachelor/Master · open
Runtime Detection of Malicious Activities in Web Applications with JVMTI · Master · completed

Architecture-Specific Security
Inter-Service Security Threats and Mitigation Strategies in Microservice Architectures · Master · completed
Software and API Security in Microservice Architectures · Master · completed
Application Scenarios of API Gateways in Microservice Architectures · Master · completed
Zero-Trust Principles for Transactional Microservices · Bachelor/Master · open
Event-Driven Transactions with Secure Messaging · Master · open
Evaluating Approaches for Secure Distributed Transaction Coordination · Bachelor/Master · open

JVM & Runtime Security
Security Threats in JVM Runtime Monitoring (JVMTI): A Multivocal Literature Review · Master · open
JVMTI Threat Model · Master · open
Security of Dynamically Loaded JVM Agents · Master · open
Multivocal Literature Review on JVMTI Security Threats and Mitigation Strategies · Master · open

AI Agents & MCP Security
Privacy-Preserving MCP Agents in Trusted Execution Environments · Master · open
Evaluating TEE-Based Approaches for Confidential Retrieval in MCP Architectures · Master · open
Benchmarking and Evaluating MCP Agent Performance · Master · open
Optimizing Vector Database Retrieval on Apple Silicon for MCP Agents · Master · open

AI for Systematic Literature Reviews
Evaluating LLM Reliability for Systematic Literature Review Screening · Master · in progress
Evaluating LLM Reliability for Systematic Literature Review Quality Assessment · Master · in progress
Citation Context Analysis with LLMs for Enhancing Snowballing Effectiveness in SLRs · Master · open
SLR on Android Malware Detection Techniques · Master · open

Blockchain & Distributed Security
Blockchain-Based PKI in Large-Scale Corporate Environments · Master · completed
Smart Contract Security · Master · completed

Robotics & Embedded Systems
Data Injection and Localization Spoofing in ROS2 Mobile Robotics · Bachelor · in progress

Book

Research Methods · CS
Research Fundamentals for Software Engineering Graduates
A practical guide covering research design, systematic literature reviews, empirical methods, statistical analysis, and academic writing — with a focus on applied computer science and information security research. Targeted at Master's students and early-career researchers.
Expected 2027 · Academic Publisher

Projects

ReviQ
An open-source research tool for systematic literature review workflow management and reproducibility. ReviQ supports the full SLR pipeline — from search and screening to quality assessment and data extraction — with a focus on transparency and replicability of the review process.
Topics: Open Source · Systematic Literature Reviews · Research Tooling · github.com/philipphaindl/ReviQ

Certifications

Professional Certificate in AI in Higher Education
University of Stellenbosch via edX · 2025
Professional Certificate in Data Science
HarvardX via edX · 2021
iSAQB Certified Professional in Software Architecture
iSAQB® — International Software Architecture Qualification Board · 2015

About

I am a researcher and lecturer at the Institute of IT Security Research at the University of Applied Sciences St. Pölten, where I teach secure software engineering, software architecture, research methodology, IoT Safety & Security, and Generative AI in Research. I have also taught at Johannes Kepler University Linz and IMC Krems. My research sits at the intersection of software security and AI systems — with a particular focus on how the growing integration of AI systems into software changes the attack surface, the development process, and our ability to reason about system reliability.

Before entering academia, I spent over a decade as a software engineer and architect in the banking, insurance, and social security domain — an experience that continues to shape how I think about security as an engineering problem, not just a theoretical one. I hold a PhD in Computer Science from Johannes Kepler University Linz.

Education
PhD Computer Science · JKU Linz · 2021
MSc Business Informatics · FH Technikum Wien · 2016
BSc Communication Systems · FH Technikum Wien · 2012
Interests
LLM & AI Security
Secure Software Architecture
AI in Software Engineering
Systematic Literature Reviews

Contact

I welcome collaboration on research topics, thesis proposals, and consulting inquiries related to AI security and secure software architecture.