Elie Bursztein

Elie Bursztein, (born 1980) is a French computer scientist and software engineer. He is Google and DeepMind AI cybersecurity technical and research lead.

Education and early career
Bursztein obtained a computer engineering degree from EPITA in 2004, a master's degree in computer science from Paris Diderot University/ENS in 2005, and a PhD in computer science from École normale supérieure Paris-Saclay in 2008 with a dissertation titled Anticipation games: Game theory applied to network security.

Before joining Google, Bursztein was a post-doctoral fellow at Stanford University's Security Laboratory, where he collaborated with Dan Boneh and John Mitchell on web security, game security,  and applied cryptographic research. His work at Stanford University included the first cryptanalysis of the inner workings of Microsoft's DPAPI (Data Protection Application Programming Interface), the first evaluation of the effectiveness of private browsing, and many advances to CAPTCHA security  and usability.

Bursztein has discovered, reported, and helped fix hundreds of vulnerabilities, including securing Twitter's frame-busting code, exploiting Microsoft's location service to track the position of mobile devices, and exploiting the lack of proper encryption in the Apple App Store to steal user passwords and install unwanted applications.

Career at Google
Bursztein joined Google in 2012 as a research scientist. He founded the Anti-Abuse Research Team in 2014 and became the lead of the Security and Anti-Abuse Research teams in 2017. In 2023, he became Google and DeepMind AI cybersecurity technical and research lead.

Bursztein's contributions at Google include:
 * 2022 Creating the first post quantum resilient security keys.
 * 2020 Developing a deep-learning engine that helps to block malicious documents targeting Gmail users.
 * 2019 Inventing Google's password-checking service Password Checkup that allows billion of users to check whether their credentials have been compromised due to data breaches while preserving their privacy.
 * 2019 Developing Keras tuner which became the default hypertuner for TensorFlow and TFX.
 * 2018 Conducting the first large-scale study on the illegal online distribution of child sexual abuse material in partnership with NCMEC.
 * 2017 Finding the 1st SHA-1 full collision.
 * 2015 Deprecating security questions at Google after completing the first large in-the-wild study on the effectiveness of security questions, which showed that they were both insecure and had a very low recall rate.
 * 2014 Redesigning Google CAPTCHA to make it easier for humans, resulting in a 6.7% improvement in the pass rate.
 * 2013 Strengthening Google accounts protections against hijackers and fake accounts.

Best academic papers awards

 * 2023 ACNS best workshop paper award for Hybrid Post-Quantum Signatures in Hardware Security Keys
 * 2021 USENIX Security distinguished paper award for "Why wouldn't someone think of democracy as a target?": Security practices & challenges of people involved with U.S. political campaigns
 * Bursztein 2019 USENIX Security distinguished paper award for Protecting accounts from credential stuffing with password breach alerting
 * 2019 CHI best paper award for “They don’t leave us alone anywhere we go”: Gender and digital abuse in South Asia
 * 2017 Crypto best paper award for The first collision for full SHA-1
 * 2015 WWW best student paper award for Secrets, lies, and account recovery: Lessons from the use of personal knowledge questions at Google
 * 2015 S&P Distinguished Practical Paper award for Ad Injection at Scale: Assessing Deceptive Advertisement Modifications
 * 2011 S&P best student paper award for OpenConflict: Preventing real time map hacks in online games
 * 2008 WISPT best paper award for Probabilistic protocol identification for hard to classify protocol

Industry awards

 * 2019 Recognized as one of the 100 most influential French people in cybersecurity
 * 2017 BlackHat Pwnie award for the first practical SHA-1 collision
 * 2015 IRTF Applied Networking Research Prize for Neither snow nor rain nor MITM … An empirical analysis of email delivery security
 * 2010 Top 10 Web Hacking Techniques for Attacking HTTPS with cache injection

Philanthropy
In 2023 Elie founded the Etteilla Foundation dedicated to preserving and promoting the rich heritage of playing cards and donated his extensive collection of historical playing cards decks and tarots to it.

Trivia
Bursztein is an accomplished magician and he posted magic tricks weekly on Instagram during the 2019 pandemic.

In 2014, following his talk on hacking Hearthstone using machine learning, he decided not to make his prediction tool open source at Blizzard Entertainment’s request.