Edoardo Debenedetti

Computer Science PhD Student

ETH Zurich

SPY Lab

I am a Computer Science Ph.D. Student at ETH Zürich in the Secure and Private AI (SPY) Lab, advised by Florian Tramèr. I am interested in the security and privacy of machine learning systems. Most recently, I have been looking into the security of LLM Agents.

Prior to my PhD, I earned a Computer Science M.Sc. at EPFL and a Computer Engineering B.Sc. at the Polytechnic University of Turin.

Outside of my studies, I was a Student Researcher in the AI Red Team at Google, and I interned as a SWE intern at Bloomberg LP and as a Research Intern at the armasuisse CYD Campus.

More information can be found on my CV, last updated on 2025/05/21. For a more recent one, feel free to reach out via email.

In my free time, I like all things outdoors, from hiking, to (backcountry) skiing, and sailing.

Education
  • Ph.D. in Computer Science, 2022 - Ongoing

    ETH Zurich - Swiss Federal Institute of Technology, Zürich, Switzerland 🇨🇭

  • M.Sc. in Computer Science, 2019 - 2022

    EPFL - Swiss Federal Institute of Technology, Lausanne, Switzerland 🇨🇭

  • B.Sc. in Computer Engineering, 2016 - 2019

    PoliTo - Politecnico di Torino, Italy 🇮🇹

Current Work

My current work is around the security of AI agents. Some of my recent work in this area includes:

  • CaMeL: a system-level prompt injection defense that virtually solves the security issue of tool-calling AI agents by design.

  • AgentDojo: a benchmark for prompt injection attacks and defenses.

  • Adversarial SEO for LLMs: we showed that you can use prompt-injection attacks to promote your own webpages in LLM-based search engines like Perplexity AI.

News

[07/2025 - Meta Internship] In July, I will start an internship in the GenAI Red Team at Meta.

[04/2025 - SafeBench Prize] AgentDojo got a SafeBench First prize, worth USD 50'000.

[04/2025 - CaMeL is out!] The paper resulting from my internship at Google is finally out. We propose a new method to solve prompt injections by design.