AI security & neurosymbolic AI
I work on testing and debugging LLM-integrated applications, securing agentic systems, private training, and combining models with symbolic verification.
Explore this work →I turn ambitious security research into systems people can trust.
I work across AI security, post-quantum cryptography, and privacy-enhancing technologies, from new ideas and formal guarantees to standards and production deployments.
Flagship impact. I co-authored CRYSTALS-Kyber and CRYSTALS-Dilithium, now the NIST post-quantum standards ML-KEM (FIPS 203) and ML-DSA (FIPS 204). They are replacing RSA and elliptic curves in TLS, Signal, and iMessage, protecting billions of connections every day.
The proofs change shape along the way: security reductions in lattice cryptography, machine-checked theorems in verified differential privacy, and solver verdicts in neurosymbolic AI, where an LLM interprets and a symbolic engine decides. The discipline stays the same: explicit threat models, formal guarantees, and honest claims about what is and isn’t proven. My work on homomorphic encryption, anonymous credentials, and differential privacy has been deployed at scale by Amazon, Google, and Apple.
I work on testing and debugging LLM-integrated applications, securing agentic systems, private training, and combining models with symbolic verification.
Explore this work →I work on the design, analysis, and real-world deployment of lattice-based cryptography, including the standards ML-KEM and ML-DSA.
Explore this work →I build privacy technologies including homomorphic encryption, differential privacy, secure aggregation, and anonymous credentials.
Explore this work →Secure and reliable AI systems: testing and debugging LLM-integrated applications, securing agentic systems, private training, and neurosymbolic approaches where an LLM interprets and a symbolic engine verifies, so the guarantees never rest on the model alone.
Quantum computers will eventually break the cryptographic algorithms that secure today’s internet. I have worked on designing, analyzing, and deploying their replacements.
Cryptographic systems that let organizations use sensitive data without exposing it: from private information retrieval and anonymous credentials to differential privacy and contact-tracing analytics. Several of these systems have been deployed at scale by Apple and Google.
fhe.rs A fully homomorphic encryption library in pure Rust, implementing the BFV scheme. More on my GitHub.
I have spent fifteen years making cryptography practical: lattice-based schemes that became NIST standards, homomorphic encryption and anonymous credentials deployed by Google and Apple, verified differential privacy in AWS Clean Rooms. Today I apply the same standard of evidence to AI systems at AWS AI Security. Previously: AWS Provable Security & Automation (2022–2025), Apple (2021–2022), Google (2018–2021), SRI International (2016–2018), CryptoExperts (2011–2016). Ph.D. from École Normale Supérieure and University of Luxembourg (Gilles Kahn Prize, 2014). My Erdős number is 3, through Claire Mathieu and Eli Upfal.
I’m always interested in consequential technical problems, ambitious research teams, and collaborations that can move from a rigorous idea to real-world impact.