I am an assistant professor of Computer Science at ETH Zürich. I lead the SPY Lab, and am a member of the Information Security Institute and of ZISC, and an associated faculty of the ETHZ AI Center.
My research interests lie in Computer Security, Machine Learning and Cryptography. In my current work, I study the worst-case behavior of Deep Learning systems from an adversarial perspective, to understand and mitigate long-term threats to the safety and privacy of users.
To learn more about our lab's work, see here or take a look at our blog.
My work has been featured in The Economist, Nature, Science, Communications of the ACM, Wired and the Swiss news (in French).
I received my PhD from Stanford University under the supervision of Dan Boneh. After graduating, I spent one year at Google Brain.
Email:
Office: Universitätstrasse 6, CAB F72, CH-8092 Zürich
Cybersecurity in the Age of LLMs (IRISA 50th anniversary)
The Weird ChatGPT Hack That Leaked Training Data (Machine Learning Street Talk with Yannic Kilcher)
Making Machine Learning FAIL (my inaugural lecture)
Un-aligning large language models (EPFL Applied Machine Learning Days)
Measuring and Enhancing the Security of Machine Learning (my "job talk")
Adversarial Examples (Machine Learning Street Talk with Yannic Kilcher and Tim Scarfe)
Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware (ICLR)