Principal Applied Scientist · AWS AI Security

Tancrède Lepoint

I turn ambitious security research into systems people can trust.

I work across AI security, post-quantum cryptography, and privacy-enhancing technologies, from new ideas and formal guarantees to standards and production deployments.

Flagship impact. I co-authored CRYSTALS-Kyber and CRYSTALS-Dilithium, now the NIST post-quantum standards ML-KEM (FIPS 203) and ML-DSA (FIPS 204). They are replacing RSA and elliptic curves in TLS, Signal, and iMessage, protecting billions of connections every day.

The proofs change shape along the way: security reductions in lattice cryptography, machine-checked theorems in verified differential privacy, and solver verdicts in neurosymbolic AI, where an LLM interprets and a symbolic engine decides. The discipline stays the same: explicit threat models, formal guarantees, and honest claims about what is and isn’t proven. My work on homomorphic encryption, anonymous credentials, and differential privacy has been deployed at scale by Amazon, Google, and Apple.

Current questions

What I’m working on

AI security & neurosymbolic AI

I work on testing and debugging LLM-integrated applications, securing agentic systems, private training, and combining models with symbolic verification.

Explore this work →

Post-quantum cryptography

I work on the design, analysis, and real-world deployment of lattice-based cryptography, including the standards ML-KEM and ML-DSA.

Explore this work →

Privacy-enhancing technologies

I build privacy technologies including homomorphic encryption, differential privacy, secure aggregation, and anonymous credentials.

Explore this work →

AI security & neurosymbolic AI

Secure and reliable AI systems: testing and debugging LLM-integrated applications, securing agentic systems, private training, and neurosymbolic approaches where an LLM interprets and a symbolic engine verifies, so the guarantees never rest on the model alone.

The idea, running. Wrap each input segment in a verifiable semantic marker, re-run the LLM on halves of the input, keep the half where the failure persists, and repeat until a minimal set of culprit segments remains (ICSE-SEIP 2026).

Post-quantum cryptography

Quantum computers will eventually break the cryptographic algorithms that secure today’s internet. I have worked on designing, analyzing, and deploying their replacements.

The hard problem underneath. Learning With Errors: multiply a public matrix A by a secret vector s, add small noise e, publish the result b. Recovering s from (A, b) is believed hard, even for a quantum computer. ML-KEM and ML-DSA are built on lattice problems of this shape.

Privacy-enhancing technologies

Cryptographic systems that let organizations use sensitive data without exposing it: from private information retrieval and anonymous credentials to differential privacy and contact-tracing analytics. Several of these systems have been deployed at scale by Apple and Google.

Private information retrieval. The client’s query travels encrypted; the server computes over its whole database under homomorphic encryption and returns one encrypted record, without ever learning which one (Usenix 2021).

News

May 2026
Appointed IACR IT Manager, a board-appointed position.
Apr 2026
Delta debugging for LLM-integrated systems” to appear at ICSE-SEIP 2026 (Rio de Janeiro).
Jun 2025
Verified foundations for differential privacy” received a Distinguished Artifact award at PLDI 2025.
Aug 2024
NIST finalized FIPS 203 (ML-KEM) and FIPS 204 (ML-DSA), born from our CRYSTALS designs; served as General Chair of CRYPTO 2024.

Open source

fhe.rs A fully homomorphic encryption library in pure Rust, implementing the BFV scheme. More on my GitHub.


Professional service

IT Manager IACR 2026–present (board-appointed)
Director IACR 2018–2024
Co-editor Cryptology ePrint Archive 2016–2023
General Chair CRYPTO 2024
Program Chair WAHC 2020WAHC 2019

Program committees


About

Tancrède Lepoint

I have spent fifteen years making cryptography practical: lattice-based schemes that became NIST standards, homomorphic encryption and anonymous credentials deployed by Google and Apple, verified differential privacy in AWS Clean Rooms. Today I apply the same standard of evidence to AI systems at AWS AI Security. Previously: AWS Provable Security & Automation (2022–2025), Apple (2021–2022), Google (2018–2021), SRI International (2016–2018), CryptoExperts (2011–2016). Ph.D. from École Normale Supérieure and University of Luxembourg (Gilles Kahn Prize, 2014). My Erdős number is 3, through Claire Mathieu and Eli Upfal.

Let’s talk

Working on a hard security problem?

I’m always interested in consequential technical problems, ambitious research teams, and collaborations that can move from a rigorous idea to real-world impact.