Moderator: Dylan Gilbert, IAPP; Panelists: Sri Pravallika Maddipati, Google; Nathalie Baracaldo, IBM Research; Gary Young, Google
As AI systems mature from experimental prototypes into long-lived production infrastructure, many organizations are discovering a new form of technical debt: AI architecture debt. This debt accumulates when privacy, governance, and data-minimization principles are "bolted onto" AI systems after deployment rather than "baked into" their foundations. The result is fragile compliance, opaque data provenance, and costly retrofits whenever regulations, models, or data flows change. This talk proposes a refactoring mindset for AI infrastructure and examines the AI architecture debt through a privacy engineering lens, focusing on how design decisions around data pipelines, model lifecycles, observability, and deployment patterns can either compound or reduce long-term privacy risk. We will explore practical strategies for re-architecting AI platforms to support sustainable privacy outcomes, including modular data boundaries, privacy-aware model interfaces, and infrastructure patterns that make privacy guarantees resilient to future change.
As Senior Fellow for Privacy Engineering, Dylan Gilbert expands and elevates the IAPP’s engagement with the technical design and implementation of governance across digital systems, spanning privacy, Artificial Intelligence, and digital responsibility. Dylan joined the IAPP from the U.S. National Institute of Standards and Technology, where he led the Privacy Engineering Program. At NIST, he advanced the development of privacy risk management processes, led the program’s engagement in international standards bodies, and oversaw the Privacy-Enhancing Technologies Testbed. Prior to NIST, Dylan led privacy advocacy at Public Knowledge as Policy Counsel, where he also supported work on copyright, cybersecurity, and other tech policy issues. He holds a J.D. from The George Washington University Law School and a B.A. from The College of William and Mary.
Sri Pravallika is a Privacy Engineer within Google's Search Privacy team, where she focuses on the intersection of large-scale AI development and data protection. Dedicated to keeping billions of users safe, Sri specializes in operationalizing "privacy-by-design" and building robust privacy threat models for complex AI user journeys. Before joining Google, Sri was the first Privacy Engineer at Autodesk, where she built the company's privacy assessments and metrics program from the ground up. Her career began at PwC, helping Fortune 500 companies navigate Security GRC programs and maturity assessments. Sri holds a Master's degree in Cybersecurity from Northeastern University and a Bachelor's in Computer Science.
Nathalie Baracaldo is a Senior Research Scientist and Master Inventor at IBM Research in San Jose, California. Her research currently focuses on safeguarding generative AI models through a variety of techniques, including unlearning and alignment. She has extensive experience delivering impactful machine learning solutions that are highly accurate, withstand adversarial attacks, and protect data privacy. She served as the primary investigator for the DARPA GARD program, where her focus was to ensure her team extended and maintained the Adversarial Robustness Toolbox (ART) to support red teaming evaluations. She also led the IBM federated learning effort and co-edited the book "Federated Learning: A Comprehensive Overview of Methods and Applications" Springer, 2022. In 2020 and 2021, she received the IBM Master Inventor distinction and the Corporate Technical Recognition, respectively. Her research has been published in top conferences in the fields of AI and Security, and has received multiple best paper awards and numerous citations. She received her doctorate degree from the University of Pittsburgh.
Gary Young is a Distributed Systems Engineer who has focused on Privacy, Security, and Compliance at Google since 2007. Focus areas have included access control, purpose limitations, identity, consent, sharing, data deletion, law enforcement access, onward transfer, software build of materials, and underpinning corporate governance. Most recently, applying AI to go beyond detection of problems to transparent coding automation for fixing issues in product implementation.
author = {Dylan Gilbert and Sri Pravallika Maddipati and Nathalie Baracaldo and Gary Young},
title = {Panel: The {AI} Architecture {Debt{\textemdash}Refactoring} Infrastructure for Sustainable Privacy},
year = {2026},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = jun
}