BPS, the Brain Privacy & Security team, was legendary. It had a pervasive impact on machine learning, privacy, and security research, and its members contributed seminal work on many now well-known topics. To name just a few that stand out for me:
- Adversarial examples, the famous attack that makes supervised models predict a panda as a gibbon (I still don't quite know what a gibbon is, only that it is in fact not a panda). Early members jointly discovered them, and the team (notably Nicholas Carlini) went on to show the community how not to make models robust.
- Differentially private machine learning, where early members co-invented DP-SGD and PATE, and the group later continued to innovate in this space by co-inventing DP-FTRL.
- Memorization and training data extraction, which the group first co-exposed as a concern for large language models and has continued to advance by improving our understanding and measurement of the phenomenon, now hotly debated in many other communities.
- Privacy auditing and membership inference, where the team contributed numerous important works and co-led several solutions within Google.
- And many other topics, including poisoning, model extraction, and unlearning, which the group influenced through important works.
When I was graduating, it was clearly one of the best places to be if you wanted to work at the forefront of this research area, while also enjoying the many benefits of a frontier industry research lab. Recently, some of the colleagues who made the team so special have moved on to new teams. And now, it is time for me to do the same.
A brief background for those who don't know me. I'm a research scientist focused on the intersection of privacy and security with machine learning. I've worked on unlearning, differential privacy, privacy audits, collaborative learning, ownership resolution, jailbreaks, and prompt injections, to name a few topics. I've led several important projects for our frontier models (Gemini, Gemma, …), including evaluations and mitigations for privacy and security.
I was at Google for nearly five years. I first joined as an AI Resident in Google Research and moved to BPS right after. In 2023, Google Brain was famously merged into Google DeepMind.
A new era.
I'm sad to be leaving a team of excellent researchers and great friends. At the same time, I'm really excited to be joining the Alignment team at OpenAI. I'm looking forward to a new adventure working with some of the best minds in this space, and to exploring a different environment with new people, perspectives, and areas of focus. I'm eager to push the frontier of model and system robustness and to broadly improve alignment, security, and privacy at OpenAI. Hopefully, I'll be able to share what we're cooking soon!