Hello! 👋 I’m an incoming tenure-track faculty at CISPA starting in January 2026.

I study privacy and security in data-driven systems. I build tools to systematically reason about the trade-offs between general-purpose capabilities in these systems and their privacy and security requirements. I’m interested in the following topics:

• Evaluating capabilities of AI systems, e.g., image generative AI [1] and client-side scanning systems [3, 6].
• Designing tools to measure and enhance the privacy and utility of privacy-enhancing technologies like synthetic data [7], query-based systems [5, 15], and anonymization [4].

I’m looking for motivated students with a strong background in computer science, applied mathematics or statistics. If you’re interested in working in my lab as a PhD student, PostDoc, or research intern (including master thesis), fill out this form.

Previously, I was a postdoc in the SPRING Lab at EPFL, headed by Prof. Carmela Troncoso, where I was awarded a CYD Distinguished Postdoctoral Fellowship by the Cyber-Defense Campus. I completed my PhD in the Computational Privacy Group at Imperial College London, advised by Dr. Yves-Alexandre de Montjoye. During my PhD, I developed methods to evaluate the privacy of a broad range of privacy mechanisms such as anonymization, query-based systems, and synthetic data. I have focused on automation, scalability, tightness of evaluation, and practical relevance of threat models, with the goal of making privacy evaluations more accessible to practitioners. I also developed new privacy attacks against machine learning models and studied the adversarial robustness of client-side scanning.

News

12/09/2025: Attending the Summer School on Security and Privacy in the age of AI in Leuven, Belgium. I also gave a talk at KULeuven’s COSIC group.

30/08/2025: I gave an invited lecture for the Privacy Enhancing Technologies course at KIT in Karlsruhe, Germany.

14/03/2025: Super excited to have attended a Dagstuhl seminar on PETs and AI: Privacy Washing and the Need for a PETs Evaluation Framework!

13/02/2025: Gave two invited talks about my work at the Applied Machine Learning Days event in Lausanne.

More news here.

Publications

Preprints

1. Creţu, A. M., Kireev, K., Abdalla, A.., Obinna, W., Meier, R., Bargal, S. A., Redmiles, E., & Troncoso, C. Evaluating Concept Filtering Defenses against Child Sexual Abuse Material Generation by Text-to-Image Models. [arXiv]
2. Kireev, K.*, Creţu, A. M.*, Meier, R., Bargal, S. A., Redmiles, E., & Troncoso, C. A Manually Annotated Image-Caption Dataset for Detecting Children in the Wild. [arXiv] [Dataset]

Peer-reviewed articles

* denotes joint first authorship.

1. Stevanoski, B., Cretu, A.-M. and de Montjoye Y.-A. QueryCheetah: Fast Automated Discovery of Attribute Inference Attacks Against Query-Based Systems. To appear in ACM CCS 2024. [Paper] [Code] 🏆 Distinguished paper award
   • Presented as a poster at the TPDP '24 workshop in Boston, MA, USA.
2. Gadotti, A., Rocher, L., Houssiau, F., Crețu, A.-M. and de Montjoye Y.-A. Anonymization: The imperfect science of using data while preserving privacy. In Science Advances, 2024. [Paper]
3. Crețu A.-M.*, Guépin F.* and de Montjoye Y.-A. Correlation inference attacks against machine learning models. In Science Advances, 2024. [Paper] [Code]
4. Guan, V.*, Guépin, F.*, Crețu A.-M. and de Montjoye Y.-A. A Zero Auxiliary Knowledge Membership Inference Attack on Aggregate Location Data. In Proceedings on Privacy Enhancing Technologies 2024(4) (PoPETS 2024). [Paper]
5. Cretu A.-M., Jones, D., de Montjoye Y.-A., and Tople, S. Investigating the Effect of Misalignment on Membership Privacy in the White-box Setting. In Proceedings on Privacy Enhancing Technologies 2024(3) (PoPETS 2024). [Paper] [Code]
6. Cretu A.-M.*, Rusu, M.*, and de Montjoye Y.-A. Re-pseudonymization Strategies for Smart Meter Data Are Not Robust to Deep Learning Profiling Attacks. In Proceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy (CODASPY '24). [Paper] [Extended arXiv version] 🏆 Best paper award
7. Cretu A.-M. Evaluating privacy and robustness in modern data processing systems. PhD Thesis, Imperial College London (2023). [Thesis]
8. Guépin, F.*, Meeus, M.*, Crețu A.-M., and de Montjoye Y.-A. Synthetic is all you need: removing the auxiliary data assumption for membership inference attacks against synthetic data. In 18th DPM International Workshop on Data Privacy Management (DPM 2023). [Paper] [Code]
9. Meeus, M.*, Guépin, F.*, Crețu A.-M., and de Montjoye Y.-A. Achilles' Heels: Vulnerable Record Identification in Synthetic Data Publishing. In 28th European Symposium on Research in Computer Security (ESORICS 2023). [Paper] [Code]
10. Jain S., Crețu A.-M., Cully, A. and de Montjoye Y.-A. Deep perceptual hashing algorithms with hidden dual-purpose: when client-side scanning does facial recognition. In 2023 IEEE Symposium on Security and Privacy (SP). [Paper]
    • Featured in Imperial News and Le soir.
    • Cited as evidence in the Open Letter from Security and Privacy Researchers in relation to the Online Safety Bill.
11. Crețu A.-M.*, Houssiau, F.*, Cully, A. and de Montjoye Y.-A. QuerySnout: Automating the discovery of attribute inference attacks against query-based systems. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (CCS '22). [Paper] [Extended arXiv version] [Code]
12. Crețu A.-M., Monti F., Marrone S., Dong X., Bronstein M. and de Montjoye Y.-A. Interaction data are identifiable even across long periods of time. Nature Communications 13, 313 (2022). [Paper]
    • Presented at the ACM CCS Privacy Preserving Machine Learning 2021 workshop (PPML 2021). Contributed talk.
    • Presented at the NeurIPS Privacy and Machine Learning 2021 workshop (PriML 2021).
    • Featured in TechCrunch and Science News.
13. Jain S.*, Crețu A.-M.* and de Montjoye Y.-A. Adversarial Detection Avoidance Attacks: Evaluating the robustness of perceptual hashing-based client-side scanning. 31st USENIX Security Symposium (USENIX Security 22) [Paper] [Extended arXiv version] [Code]
    • Cited by Ofcom (UK's communications regulator) in their Overview of Perceptual Hashing Technology report.
    • Presented at the NeurIPS Privacy and Machine Learning 2021 workshop (PriML 2021).
    • Presented at the Conference on Applied Machine Learning for Information Security 2021 (CAMLIS 2021). Oral presentation.
    • Presented as a talk at the 14th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETS 2021).
    • Featured in Imperial College London News and Le soir.
14. Kocijan V., Camburu O.-M., Crețu A.-M., Yordanov Y., Blunsom P. and Lukasiewicz T. WikiCREM: A Large Unsupervised Corpus for Coreference Resolution. Proceedings of the 2019 Conference on Empirical Methods in Natural Language Processing and the 9th International Joint Conference on Natural Language Processing (EMNLP-IJCNLP) (2019) [Paper]
15. Kocijan V., Crețu A.-M., Camburu O.-M., Yordanov Y. and Lukasiewicz T. A Surprisingly Robust Trick for the Winograd Schema Challenge. Proceedings of the 57th Annual Meeting of the Association for Computational Linguistics (ACL 2019) [Paper]

Awards and scholarships

• I am a recipient of the Cyber-Defense Campus (CYD) Distinguished Postdoctoral Fellowship, which generously supports my postdoctoral position in the SPRING Lab at EPFL.
• I am a recipient of the USENIX '22 Diversity grant, which generously supported my trip to the conference in Boston.
• I am a recipient of the EPFL Excellence Fellowship (awarded to students with outstanding academic records), which generously supported my MSc studies at EPFL.
• My studies in France were supported by a competitive 2-year full scholarship from the Fondation Odon Vallet and by a 2.5-year scholarship from the Fondation de l'Ecole Polytechnique.
• I was born and grew up in Buzău, Romania. There, I participated in many mathematics contests, including the Romanian National Olympiad, where I won one gold medal, three silver medals, and one bronze medal.