Eugene is an Assistant Professor at UMass Amherst CICS. Eugene's work focuses on security and privacy in emerging AI-based systems under real-life conditions and attacks. He completed his PhD at Cornell Tech, advised by Vitaly Shmatikov and Deborah Estrin. Eugene's research has been recognized by Apple Scholars in AI/ML and Digital Life Initiative fellowships and a USENIX Security Distinguished Paper Award. He received an engineering degree from Baumanka and worked at Cisco as a software engineer. Eugene has extensive industry experience (Cisco, Amazon, Apple) and spends part of his time as a Research Scientist at Google.
Security: He worked on backdoor attacks in federated learning and proposed new frameworks Backdoors101 and Mithridates, and a new attack on generative language models covered by VentureBeat and The Economist. Recent work includes studies on vulnerabilities in multi-modal systems: instruction injections, adversarial illusions and adding biases to text-to-image models.
Privacy: Eugene worked on the Air Gap privacy protection for LLM agents and on operationalizing Contextual Integrity. He worked on aspects of differential privacy including fairness trade-offs, applications to location heatmaps, and tokenization methods for private federated learning. Additionally, he helped to build the Ancile system, which enforces use-based privacy of user data.
Eugene grew up in Tashkent and plays water polo.
Announcement 1: I am looking for PhD students (apply) and post-docs to work on attacks on LLM agents and generative models. Please reach out over email!
Announcement 2: We will be holding a seminar, CS 692PA, on Privacy and Security for GenAI models. Please sign up if you are interested.
Contextual Integrity can be applied to help personal assistants protect user privacy; we study how to instruct LLMs to follow CI. Work done at Google. [PDF]

Can text-to-image models be impacted by adversary-injected biases? [PDF]

Unlearning large concepts can either be easily recovered or will impact model performance. Work done at Google. [PDF]

How can an adversary inject hidden instructions into a visual language model? [PDF]

Can you make an agent that knows when to share the user's data depending on context? Can it be protected from adversaries trying to extract that data? Work done at Google. [PDF]

A new algorithm for building heatmaps with local-like differential privacy. Work done at Google. [PDF] [Updated Code]

Tokenization is an important part of training a good language model; however, in private federated learning, where user data are not available, generic tokenization methods reduce performance. We show how to obtain a good tokenizer without spending additional privacy budget. Work done at Apple. Best paper runner-up award. [PDF]

We introduce a constrain-and-scale attack, a form of data poisoning, that can stealthily inject a backdoor into one of the participating models during a single round of Federated Learning training. This attack can evade proposed defenses and propagate the backdoor to the global server, which then distributes the compromised model to other participants. [PDF] [Code]

This project discusses a new trade-off between privacy and fairness. We observe that training a machine learning model with Differential Privacy reduces accuracy on underrepresented groups. [NeurIPS, 2019], [Code].

A fast and compact cloud-native implementation of containers. [PDF].