Florian Tramèr

Stealing a generative AI's secrets (responsibly)

Foundations of Responsible Computing (FORC) – Keynote, Boston, USA — 13 June 2024 Slides Slides

CIFAR Learning in Machines & Brains meeting, Zurich, Switzerland — 6 May 2024

Huawei STW, Virtual — 25 April 2024

NYU, New York, USA — 12 April 2024
Un-aligning Large Language Models

EPFL Applied Machine Learning Days, Lausanne, Switzerland — 26 March 2024 Slides Slides
Universal jailbreak backdoors from poisoned human feedback

NeurIPS Workshop on Backdoors in Deep Learning, Virtual — 15 December 2023 Slides Slides
Privacy Side-channels in Machine Learning Systems

NeurIPS Workshop on Privacy Preserving Federated Learning Document VQA, Virtual — 15 December 2023 Slides Slides
Attacking Machine Learning Systems

ICCV Workshop on Adversarial Robustness In the Real World, Virtual — 3 October 2023 Slides Slides
Is anything really OOD anymore?

ICCV Workshop on Out Of Distribution Generalization in Computer Vision, Virtual — 3 October 2023 Slides Slides
Poisoning Web-Scale Training Datasets is Practical

MLSys Workshop on Decentralized and Collaborative Learning, Virtual — 8 June 2023 Slides Slides

ZISC Seminar, Zurich, Switzerland — 23 March 2023

Université du Luxembourg, Luxembourg — 21 June 2023
Making machine learning fail

ETH Zurich inaugural lecture, Zurich, Switzerland — 21 February 2023 Slides Slides Video
Generative models have the memory of an elephant

Sony, Zurich, Switzerland — 7 November 2023 Slides Slides

Facebook, Virtual — 22 March 2023

Microsoft, Virtual — 28 February 2023

University of St. Gallen, Switzerland — 23 February 2023

AAAI Workshop on Practical Deep Learning in the Wild, Virtual — 14 February 2023
Measuring privacy leakage in neural networks

ZISC Seminar, Zurich, Switzerland — 17 November 2022 Slides Slides
Machine Learning to the Rescue: Risks and Opportunities

Cyber-Defence Campus Conference, Bern, Switzerland — 26 October 2022 Slides Slides
A Tour of Adversarial Machine Learning

ETHZ Open Port, Zurich, Switzerland — 12 October 2022 Slides Slides
Detecting Adversarial Examples Is (Nearly) As Hard As Classifying Them

ICML, Virtual — 19 July 2022 Slides Slides
Why you should treat your ML defense like a theorem

Machine Learning Security Seminar Series, Virtual — 7 July 2022 Slides Slides Video
From average-case to worst-case privacy leakage in neural networks

Privacy and Security in ML Seminars, Virtual — 20 April 2022 Slides Slides Video
When not to use adversarial examples

AAAI 2022 Workshop on Adversarial Machine Learning and Beyond, Virtual — 28 February 2022 Slides Slides
Breaking and safeguarding privacy in machine learning

CS356 Topics in Computer and Network Security (guest lecture), Virtual — 16 February 2022 Slides Slides

Boston University security seminar, Virtual — 9 February 2022
Security and privacy in machine learning

ETH Information Security Lab (guest lecture), Virtual — 20 December 2021 Slides Slides
Does Adversarial Machine Learning Research Matter?

KDD 2021 Workshop on Adversarial Machine Learning, Virtual — 15 August 2021 Slides Slides Video
Data Poisoning Won't Save You From Facial Recognition

CVPR 2021 workshop on media forensics — 19 June 2021 Slides Slides Video
What is (and isn't) Private Learning?

Boston-area DP seminar, Virtual — 16 April 2021 Slides Slides

ITASEC workshop on AI for security and security of AI, Virtual — 7 April 2021
Measuring and Enhancing the Security of Machine Learning

Stanford (PhD dissertation defense), Virtual — 20 April 2020 Slides Slides

University of Toronto, Virtual — 18 March 2021 Slides Slides

University of Waterloo, Virtual — 16 March 2021

Facebook Research, Virtual — 15 March 2021

Aarhus University, Virtual — 11 March 2021

Google Brain, Virtual — 10 March 2021

ETH Zürich, Virtual — 9 March 2021

CISPA, Virtual — 3 March 2021

Max Plank Institute, Virtual — 24 February 2021

Microsoft Research, Virtual — 18 February 2021

Ruhr University Bochum, Virtual — 8 February 2021

EPFL, Virtual — 1 February 2021
Differentially Private Learning Needs Better Features

Google Algorithms seminar, Virtual — 8 April 2021 Slides Slides

Apple, Virtual — 15 January 2021

Stanford Security Lunch, Virtual — 13 January 2021
Don't use Computer Vision for Web Security

CS356 Topics in Computer and Network Security (guest lecture), Virtual — 26 October 2020

CV-COPS (ECCV Workshop), Virtual — 28 August 2020 Slides Slides Video
On Adaptive Attacks to Adversarial Example Defenses

USENIX ScAINet, Virtual — 10 August 2020 Slides Slides Video

Stanford Security Lunch, Virtual — 6 May 2020
Remote Side-Channel Attacks on Anonymous Transactions

USENIX Security, Virtual — 14 August 2020 Slides Slides Video

Stanford Blockchain Conference, Stanford, CA — 19 February 2020

Stanford Security Lunch, Stanford, CA — 4 December 2019
Fundamental Tradeoffs between Invariance and Sensitivity to Adversarial Perturbations

ICML, Virtual — 15 July 2020 Slides Slides Video
Limitations of Threat Modeling in Adversarial Machine Learning

EPFL, Lausanne, Switzerland — 19 December 2019 Slides Slides
Developments in Adversarial Machine Learning

ETH ZISC Seminar, Zürich, Switzerland — 19 September 2019 Slides Slides
Adversarial Training and Robustness for Multiple Perturbations

NeurIPS Spotlight, Vancouver, Canada — 12 December 2019 Slides Slides Video

Stanford Security Lunch, Stanford, CA — 22 May 2019 Slides Slides
AdVersarial: Defeating Perceptual Ad-Blocking with Adversarial Examples

CCS, London, UK — 14 November 2019 Slides Slides

Hughes network systems, Germantown, MD — 8 October 2019

ETHZ, Zürich, Switzerland — 10 September 2019

Stanford Computer Forum Annual Meeting, Stanford, CA — 8 April 2019 Video

Palo Alto Networks, Palo Alto, CA — 22 February 2019

Ad-Blocking Developer Summit, San Francsisco, CA — 14 November 2018
A Tour of Machine Learning Security

Intel, Santa Clara, CA — 30 August 2018 Slides Slides

CISPA, Saarland, Germany — 6 August 2018
Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware

ICLR, New Orleans, LO — 7 May 2019 Slides Slides Video

Intel, Santa Clara, CA — 30 August 2018

Stanford Security Lunch, Stanford, CA — 13 June 2018
What's next for Adversarial ML? And why Adblockers should care

EPFL, Lausanne, Switzerland — 9 July 2018 Slides Slides
Security for Smart Contracts

CS359B Designing Decentralized Applications on Blockchain (guest lecture), Stanford, CA — 23 May 2018 Slides Slides
Integrity and Confidentiality for Machine Learning

CS521 Seminar on AI Safety (guest lecture), Stanford, CA — 19 April 2018 Slides Slides
GasToken: A Journey Through Blockchain Resource Arbitrage

Crypto Economics Security Conference (CESC), San Francisco, CA — 11 October 2018 Slides Slides

MIT Bitcoin Expo, Boston, MA — 18 March 2018
Enter the Hydra: Towards Principled Bug Bounties and Exploit-Resistant Smart Contracts

BPASE, Stanford, CA — 24 January 2018 Slides Slides

Stanford Security Lunch, Stanford, CA — 4 October 2017
Ensemble Adversarial Training

Stanford Innovative Technology Leader program, Stanford, CA — 22 January 2018 Slides Slides

Facebook, Menlo Park, CA — 15 December 2017

Cybersecurity with the Best — 15 October 2017

IBM Research, Yorktown Heights, NY — 7 August 2017

Berkeley Security Seminar, Berkeley, CA — 12 June 2017

Stanford Security Lunch, Stanford, CA — 17 May 2017
Formal Abstractions for Attested Execution Secure Processors

EUROCRYPT, Paris, France — 1 May 2017 Slides Slides
Sealed-Glass Proofs

EuroS&P, Paris, France — 26 April 2017 Slides Slides

Stanford Security Lunch, Stanford, CA — 8 February 2017
FairTest: Discovering Unwarranted Associations in Data-Driven Applications

EuroS&P, Paris, France — 28 April 2017 Slides Slides

MLCONF, Seattle, WA — 20 May 2016
Stealing Machine Learning Models via Prediction APIs

Usenix Security, Austin, TX — 11 August 2016 Slides Slides Video
Differential Privacy with Bounded Priors

CCS, Denver, CO — 15 October 2015 Slides Slides
Better Algorithms for LWE and LWR

EUROCRYPT, Sofia, Bulgaria — 27 April 2015 Slides Slides