Michele Spagnuolo is an Italian information security engineer known for his contributions to web security and cryptographic analysis. He is recognized for his work at Google as a Staff Information Security Engineer, where he has led significant advancements in web security infrastructure. Spagnuolo has been instrumental in developing systems that enhance the measurability of security across Google's extensive web services and has played a pivotal role in advancing the Content Security Policy (CSP) specifications that protect a substantial portion of the internet from cross-site scripting (XSS) attacks[1][2].
Michele Spagnuolo was born in Italy and pursued his higher education at the Politecnico di Milano, where he completed a Laurea Magistrale in Computer Engineering with honors. He also obtained a Master of Science in Computer Science from the University of Illinois at Chicago, achieving a perfect GPA of 4.0[2]. His early academic accomplishments laid the foundation for his future contributions to the fields of web security and blockchain analysis.
At Google, Spagnuolo currently holds a position in Zürich, Switzerland, where he leads the Web Signals and Intelligence area within the Information Security team. He designed and implemented the "Security Signals" system, which measures security across Google’s vast ecosystem of web services processing massive user traffic[1]. This innovative system provides a comprehensive view of the security posture of web services by collecting security-related data at the HTTP traffic level, which aids in implementing automated security enhancements.
Spagnuolo's influence in web security extends to his co-authorship of the CSP3 W3C specification, incorporating the 'strict-dynamic' keyword to enhance security against XSS attacks. This improvement now safeguards a significant portion of the internet's HTML traffic and exemplifies his impact on improving web standards[2].
In addition to his web security work, Spagnuolo is noted for his contributions to cryptographic research, particularly through his development of "Rosetta Flash," an exploitation technique that earned a Pwnie Award nomination. The technique exploited vulnerabilities in the Adobe Flash SWF format to bypass same-origin policies. He also created "BitIodine," the first open-source Bitcoin blockchain analysis framework, which has been cited in numerous academic publications[2].
Spagnuolo's expertise is not limited to academic contributions; he serves as an expert witness in legal cases involving blockchain technologies and advises fintech companies on blockchain and security matters.
In May 2026, Michele Spagnuolo made headlines following his arrest in New York due to allegations of insider trading on the prediction market platform Polymarket. According to U.S. federal prosecutors, he utilized confidential Google data to predict outcomes that would appear on Google's list of most-searched individuals, betting on these outcomes to make significant profits[3][4][5]. The formal charges against him include commodities fraud, wire fraud, and money laundering, marking a significant case in the regulation of insider trading in prediction markets.
Spagnuolo's technical innovations and his contributions to security have earned him several recognitions. He has been featured in various security acknowledgments and has earned a place in the Google Security Hall of Fame multiple times. His work on "Rosetta Flash" also garnered Internet Bug Bounty awards and a Pwnie Award nomination[2].