Majid Mollaeefar

Cybersecurity Researcher | AI & Privacy

Majid Mollaeefar

About Me

Professional Summary

Cybersecurity researcher with a Ph.D. in Computer Science and Systems Engineering from the University of Genova, Italy. With 6+ years of experience in cybersecurity risk frameworks, threat modeling, and privacy engineering, I have more recently expanded my research into AI-powered security by designing LLM-based tools for threat modeling, privacy risk analysis, and Cyber Threat Intelligence as a postdoctoral researcher at Fondazione Bruno Kessler (FBK), Trento. Current research spans multi-agent AI systems, LLM benchmarking for security tasks, RAG-based approaches, and risk frameworks for trustworthy AI, with results published in high-quality venues including PETS, JISA, and FGCS.

0 Publications
6+ Years Experience
0 Tools
0 Students Supervised

Core Expertise

Risk Assessment & Management
Privacy Protection & GDPR
Threat Modeling
AI-Powered Security
DPIA & Compliance
Python, Java, JavaScript
Large Language Models
Multi-Agent AI Systems
LLM Benchmarking & Evaluation
Prompt Engineering
LINDDUN Privacy Framework

Professional Experience

Cybersecurity Specialist

Fondazione Bruno Kessler (FBK), Trento, Italy
April 2023 – Present

Leading cybersecurity initiatives focusing on AI-powered threat analysis, privacy assessments, and risk management strategies for critical systems including automotive cybersecurity and digital identity solutions.

Cybersecurity Researcher (Ph.D. Career)

Fondazione Bruno Kessler (FBK), Trento, Italy
November 2018 – November 2022

Developed innovative methodologies for multi-stakeholder risk assessment, conducted Data Protection Impact Assessments (DPIA), and created AI-powered tools for automated threat analysis and privacy risk modeling.

Junior Information Security Specialist

Arian Holding, Tehran
February 2017 – January 2018

Conducted comprehensive gap analyses to achieve ISO 27001 compliance, drafted and implemented ISMS documentation, and delivered training programs to enhance organizational security awareness.

Education

Ph.D. in Cybersecurity

University of Genova, Genova, Italy
November 2018 - November 2022

Dissertation: "Automating the Quantification and Mitigation of Risks for Multiple Stakeholders"

View Thesis

Publications

2026

Benchmarking the Effectiveness of Multi-agent LLMs in Collaborative Privacy Threat Modeling with LINDDUN GO

Andrea Bissoli, Majid Mollaeefar, Dimitri Van Landuyt, Silvio Ranise

Journal of Information Security and Applications (JISA) Journal

2026

Chatbot Confessions: Large-Scale Analysis of Private Data Disclosure in Shared AI Chatbot Conversations

Majid Mollaeefar, Dimitri Van Landuyt, Gerjan Franken, Nico Ebert, Silvio Ranise

Privacy Enhancing Technologies Symposium (PETS) Conference

2025

A comparative benchmark study of LLM-based threat elicitation tools

Dimitri Van Landuyt, Majid Mollaeefar, Mario Raciti, Stef Verreydt, Abdulaziz Kalash, Andrea Bissoli, Davy Preuveneers, Giampaolo Bella, Silvio Ranise

Journal of Future Generation Computer Systems (FGCS) Journal

2025

Multi-entity Control-based Risk Assessment: A European Digital Identity Wallet Use Case

Majid Mollaeefar, Amir Sharif, Zahra Ebadi Ansaroudi, Giada Sciarretta, Francesco Antonio Marino, Silvio Ranise

The 30th Nordic Conference on Secure IT Systems (Nordsec25) Conference

PDF
2025

PILLAR: LINDDUN Privacy Threat Modeling using LLMs

Majid Mollaeefar, Andrea Bissoli, Dimitri Van Landuyt, Silvio Ranise

International Workshop on Privacy Engineering (IWPE'25) Workshop

PDF
2024

Modeling and Assessing Coercion Threats in Electronic Voting

Riccardo Longo, Majid Mollaeefar, Umberto Morelli, Chiara Spadafora, Alessandro Tomasi, Silvio Ranise

19th International Conference on Risks and Security of Internet and Systems (CRiSIS) ConferenceBest Paper 🏆

2024

Protecting Digital Identity Wallet: A Threat Model in the Age of eIDAS 2.0

Amir Sharif, Zahra Ebadi Ansaroudi, Giada Sciarretta, Daniela Pöhn, Majid Mollaeefar, Wolfgang Hommel, Silvio Ranise

19th International Conference on Risks and Security of Internet and Systems (CRiSIS) Conference

2024

A Risk-based Approach to Trustworthy AI Systems for Judicial Procedures

Majid Mollaeefar, Eleonora Marchesini, Roberto Carbone, Silvio Ranise

4th Ital-AI Workshop AI Responsabile e Affidabile Workshop

PDF
2023

Identifying and Quantifying Trade-offs in Multi-Stakeholder Risk Evaluation with Applications to the Data Protection Impact Assessment of the GDPR

Majid Mollaeefar, Silvio Ranise

Journal of Computers & Security Journal

PDF
2020

Multi-Stakeholder Cybersecurity Risk Assessment for Data Protection

Majid Mollaeefar, Alberto Siena, Silvio Ranise

17th International Conference on Security and Cryptography (SECRYPT 2020) Conference

PDF
2017

A novel encryption scheme for colored image based on high level chaotic maps

Majid Mollaeefar, Amir Sharif, Mahboubeh Nazari

Journal of Multimedia Tools and Applications Journal

2017

A novel method for digital image steganography based on a new three-dimensional chaotic map

Sharif, Amir, Majid Mollaeefar, Mahboubeh Nazari

Journal of Multimedia Tools and Applications Journal

2017

An improved method for digital image fragile watermarking based on chaotic maps

Nazari, Mahboubeh, Amir Sharif, Majid Mollaeefar

Journal of Multimedia Tools and Applications Journal

2016

A novel method for image encryption using chaotic maps

Amir Sharif, Majid Mollaeefar, M. Habibi, M. Nazari

3rd International Conference on Applied Research in Computer and Information Technology Conference

2015

An improved method for image encryption based on high level chaotic maps and improved gravity model

Majid Mollaeefar, Amir Sharif, M. Habibi, Mahboubeh Nazari

International Congress on Technology, Communication and Knowledge (ICTCK) Conference

Developed Tools

AutoSecGPT

Description: An AI-powered tool designed to automate threat modeling for automotive applications, aligned with ISO/SAE 21434 standard. AutoSecGPT supports security teams by facilitating the entire cybersecurity engineering process—from threat identification to risk assessment.

Key Features:

  • Works with different LLMs such as OpenAI to analyze threat scenarios
  • Identifies security threats specific to automotive systems
  • Generates detailed threat scenarios and descriptions to facilitate risk understanding
  • Visualizes threat scenarios through attack graphs
  • Conducts likelihood and impact assessments to prioritize threats
  • Supports Threat Analysis and Risk Assessment (TARA) as per ISO/SAE 21434
Languages: Python, JavaScript, HTML
View on GitHub Watch Demo

PILLAR

Description: Privacy risk Identification with LINDDUN and LLM Analysis Report (PILLAR) is an AI-powered tool developed to automate and enhance privacy threat modeling. Built on the LINDDUN framework, PILLAR leverages Large Language Models (LLMs) to automatically generate Data Flow Diagrams (DFDs), identify privacy threats, and prioritize risks.

Key Features:

  • Automates privacy threat modeling using LINDDUN and LLMs
  • Generates DFDs from natural language descriptions
  • Simulates multi-agent collaboration for comprehensive threat analysis
  • Assesses the impact of identified privacy threats
  • Suggests control measures based on privacy patterns
  • Generates comprehensive reports on privacy threat modeling
Language: Python
View on GitHub Try Live Demo

Multi-Stakeholder Risk Assessment Tool

Description: A comprehensive risk assessment tool that enables risk analysts to perform risk evaluation in a multi-stakeholder manner for a given system. The tool addresses the complexity of balancing different stakeholders' interests in risk management decisions.

Purpose:

  • Evaluate and quantify risk levels for all involved stakeholders
  • Solve the risk minimization problem as a multi-objective optimization challenge
  • Identify trade-offs between conflicting stakeholder interests
  • Support decision-making with quantitative risk data
Languages: Java, Scala
Data Format: JSON
View on GitHub

DIWAR

Description: Digital Identity Wallet Analysis and Risk assessment (DIWAR) is a control-based risk assessment tool specifically designed for Digital Identity Wallet ecosystems. It integrates DREAD factors with entity-specific control attribution to quantitatively evaluate threats and prescribe targeted mitigations aligned with each entity's responsibilities.

Key Features:

  • Entity-specific risk assessment for Issuers, Verifiers, and Wallet Providers
  • Control-based evaluation using the (modified) DREAD model (Damage, Reproducibility, Exploitability, Affected users, Detectability)
  • Multi-level control implementation (Basic, Intermediate, Advanced)
  • Qualitative risk matrix with color-coded severity levels
  • Interactive threat and control visualization
  • Role-specific security control recommendations
Language: Python
Framework: Streamlit
View on GitHub

Supervised Internships & Theses

Past Students:

Agentic Threat Modeling

Daniele Calvo
Bachelor's Thesis, University of Trento, May 2025

Exploring LLMs for privacy threats assessment

Andrea Bissoli
Bachelor's Thesis, University of Trento, July 2024

Transferability of Adversarial Machine Learning Attacks

Stefano Camposilvan
Bachelor's Thesis, University of Trento, May 2024

Towards Risk Assessment of Adversarial Machine Learning

Mattia Bressan
Bachelor's Thesis, University of Trento, November 2023

Get In Touch

Fondazione Bruno Kessler, Via Sommarive 18, Trento, 38123, Italy
Email: m[surname]@fbk.eu