I am an assistant professor of Computer Science at ETH Zürich. I lead the SPY Lab, and am a member of the Information Security Institute and of ZISC, and an associated faculty of the ETHZ AI Center.
My research interests lie in Computer Security, Machine Learning and Cryptography. In my current work, I study the worst-case behavior of Deep Learning systems from an adversarial perspective, to understand and mitigate long-term threats to the safety and privacy of users.
To learn more about our lab's work, see here or take a look at our blog.
My work has been featured in The Economist, Nature, Science, Communications of the ACM, Wired and the Swiss news (in french).
I received my PhD from Stanford University under the supervision of Dan Boneh. After graduating, I spent one year at Google Brain.
Email:
Office: Universitätstrasse 6, CAB F72, CH-8092 Zürich
Current group
- Daniel Paleka (PhD Student)
- Edoardo Debenedetti (PhD Student, CYD Fellowship)
- Javier Rando (PhD Student, AI Center Fellowship)
- Michael Aerni (PhD Student)
- Jie Zhang (PhD Student)
- Kristina Nikolić (PhD Student, AI Center Fellowship)
- Lukas Fluri (PhD Student)
News
- Our AgentDojo benchmark won the CAIS SafeBench competition!
- Our position paper on private learning with public pretraining and our paper on stealing part of a production LLM got best paper awards at ICML 2024!
- I am thrilled to be selected for a Google Research Scholar Award and an Amazon Research Award.
Some of my recorded talks
Making Machine Learning FAIL (my inaugural lecture)
Does Adversarial Machine Learning Research Matter? (AdvML 2021)
Measuring and Enhancing the Security of Machine Learning (my "job talk")
Data poisoning won't save you from facial recognition (CVPR WMF)
Adversarial Examples (Machine Learning Street Talk)
Remote Side-Channel Attacks on Anonymous Cryptocurrencies (USENIX Security)
On Adaptive Attacks to Adversarial Examples Defenses (USENIX ScAINet)
Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware (ICLR)