My Photo

I am an assistant professor of Computer Science at ETH Zürich. I lead the SPY Lab, and am a member of the Information Security Institute and of ZISC, and an associated faculty of the ETHZ AI Center.

My research interests lie in Computer Security, Machine Learning and Cryptography. In my current work, I study the worst-case behavior of Deep Learning systems from an adversarial perspective, to understand and mitigate long-term threats to the safety and privacy of users.

To learn more about our lab's work, see here or take a look at our blog.

My work has been featured in The Economist, Nature, Science, Communications of the ACM, Wired and the Swiss news (in french).

I received my PhD from Stanford University under the supervision of Dan Boneh. After graduating, I spent one year at Google Brain.

Office: Universitätstrasse 6, CAB F72, CH-8092 Zürich

Twitter Google Scholar LinkedIn

Current group


Some of my recorded talks

Making Machine Learning FAIL (my inaugural lecture)

Does Adversarial Machine Learning Research Matter? (AdvML 2021)

Measuring and Enhancing the Security of Machine Learning (my "job talk")

Data poisoning won't save you from facial recognition (CVPR WMF)

Adversarial Examples (Machine Learning Street Talk)

Remote Side-Channel Attacks on Anonymous Cryptocurrencies (USENIX Security)

On Adaptive Attacks to Adversarial Examples Defenses (USENIX ScAINet)

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware (ICLR)