Model distillation is a key innovation enabling the acceleration of AI, turning large general models into small and specialized models used across the industry. However, distillation techniques can also be used to steal critical model capabilities, representing a significant threat to the intellectual property and integrity of Google DeepMind's foundational models.
Requirements
- Demonstrated research or product expertise in a field related to model security, adversarial ML, post-training, or model evaluation.
- Experience designing and implementing large-scale ML systems or counter-abuse infrastructure.
- Deep expertise in one or more of the following areas: model distillation, model stealing, security, memorization, Reinforcement Learning, Supervised Fine-Tuning, or Embeddings.
- Proven experience in Adversarial Machine Learning, with a focus on designing and implementing model defenses.
- Strong software engineering skills and experience with ML frameworks like JAX, PyTorch, or TensorFlow.
- A track record of landing research impact or shipping production systems in a multi-team environment.
Responsibilities
- Research Defense Strategies: Research techniques to detect distillation and techniques to actively defend against distillation.
- Deploy Detection & Mitigation Systems: Design and build systems that detect and mitigate unauthorized capability extraction.
- Evaluate Impact: Rigorously measure the effectiveness of defense mechanisms, balancing the trade-offs between model robustness, defensive utility, and core model performance.
- Collaborate and Publish: Work closely with world-class researchers across GDM, Google, and the industry to publish groundbreaking work, establish new benchmarks, and set the standard for responsible AI defense.
Other
- Ph.D. in Computer Science or a related quantitative field, or a B.S./M.S. in a similar field with 2+ years of relevant industry experience.
- Current or prior US security clearance.
- We are looking for a creative and rigorous research scientist, research engineer, or software engineer who is passionate about trailblazing the critical field of model defense.
- You thrive on ambiguity and are comfortable working across the spectrum of security—from thinking like an adversary to building proactive protections.
- You are driven to build robust systems that protect the future of AI development.