Scholar

Andreas Terzis

Google Scholar ID: NcIqQ88AAAAJ

Google Deepmind

Computer NetworksMachine LearningPrivacySecurity

Homepage↗Google Scholar↗

Citations & Impact

All-time

Citations

7,716

H-index

32

i10-index

62

Publications

20

Co-authors

183

list available

Contact

TwitterOpen ↗GitHubOpen ↗LinkedInOpen ↗

Publications

7 items

How to DP-fy Your Data: A Practical Guide to Generating Synthetic Data With Differential Privacy

2025

Cited

0

The Attacker Moves Second: Stronger Adaptive Attacks Bypass Defenses Against Llm Jailbreaks and Prompt Injections

2025

Cited

0

Evaluating the Robustness of a Production Malware Detection System to Transferable Adversarial Attacks

2025

Cited

0

Lessons from Defending Gemini Against Indirect Prompt Injections

2025

Cited

0

Defeating Prompt Injections by Design

2025

Cited

0

Machine Unlearning Doesn't Do What You Think: Lessons for Generative AI Policy, Research, and Practice

arXiv.org · 2024

Cited

29

The Last Iterate Advantage: Empirical Auditing and Principled Heuristic Analysis of Differentially Private SGD

arXiv.org · 2024

Cited

2

Resume (English only)

Academic Achievements

Papers can be found on my Google Scholar page.

Research Experience

Recent Projects: How we estimate the risk from prompt injection attacks on AI systems; Protecting users with differentially private synthetic training data.

Background

I lead the Security and Privacy Research team at Google DeepMind, working on privacy and security for ML systems. Before joining Google I was an associate professor in the Department of Computer Science at the Johns Hopkins University, where I headed the Hopkins InterNetworking Research (HiNRG) Group. I worked on computer networks with an emphasis on low-power and sensor networks.

Miscellany

Follow me on Twitter. LinkedIn profile.

Co-authors

183 total

Associate Professor, Yonsei University

Professor of Computer Science, UCLA

Nicholas Carlini