Course Overview
This seminar explores foundational and applied aspects of privacy and security in machine learning and modern AI systems. Topics are still changing as of 1/20/2026. They currently include model inversion attacks, membership inference attacks, differential privacy, unlearning, adversarial samples in ML, jailbreaking of LLMs, data poisoning, backdoors and watermarking.
Weekly Blitz
Every week, each student must select one related paper of their choice and give a five-minute overview in class. Use the appropriate Discord channel to claim a paper title each week. You cannot pick a paper that someone else has already chosen, but you may choose one from the suggested reading list. You can post images for reference during the blitz in the same channel.
Schedule
| Date | Topic | Required Readings | Suggested Readings |
|---|---|---|---|
| Jan 22 | Differential Privacy (DP) foundations | The book, [Abadi+:CCS16] | |
| Jan 29 | Membership Inference attacks | [Shokri+:Usenix17] [Carlini+:SP22] | [Ye+:CCS22] [ZDKT:SATML25] [CTCP:PMLR21] [Brown+:STOC21] |
| Feb 5 | Inference attacks against LLMs (class over Zoom) | [Shi+:ICLR23] [Wen+:CCS24] | |
| Feb 12 | Maybe DP doesn't work? | [JE:Usenix19], Blitz! | [Rahman+:TDP18] [Nasr+:SP21] [JUO:NeurIPS20] |
| Feb 19 | No class | | |
| Feb 26 | Making DP work? | [BWDL:TMLR24] [Carlini+:Usenix19] [VaultGemma] | [WBK:PMLR19] [Papernot:ICLR18] |
| Mar 5 | Model Inversion attacks | [FLJ:Usenix14] [FJR:CCS15] | [PXS:Arxiv25] |
| Mar 12 | Spring Break | | |
| Mar 19 | Evasion attacks | [GSS:ICLR15] [Xiao+:IJCAI18] | [Eykholt+:CVPR18] |
| Mar 26 | Defenses against adversarial attacks | | |
| Apr 2 | Jailbreaking LLMs | [Zou+:Arxiv23] | |
| Apr 9 | Backdoors | [GKVZ:FOCS22] | |
| Apr 16 | Unlearning | [GGMV:PETS22] | |
| Apr 23 | Watermarking | [Kirchenbauer+:PMLR23] [Zhang+:ICML24] | |
| Apr 30 | Watermarking | [GM:NeurIPS24] | [AACDG:STOC25] |
| May 7 | Final Exam | | |