Christian Wressnegger

Hello security researchers! Like it or not, agentic AI is here. It’s time to explore its impact on novel, academic research in cybersecurity. To this end, we’re launching the Conference for Synthetic Security Research (https://synsec.org). Researchers, start your agents!

Almost in Karlsruhe for this talk. Looking forward to some great discussions with the KIT crypto and security community.

Although we had secretly planned a small extension, we realized that the initial deadline was off by one… month 😵‍💫 Thus, we are now extending the submission deadline for the "Explainable AI and Security" (XAISEC) workshop:

🌐 https://xaisec-workshop.org
⏱️Deadline: J̶a̶n̶ ̶2̶9̶t̶h̶ Feb 26th, 2026 (AoE)

went back and grabbed the full video of her intro. absolutely incredible

🇮🇹🍝👩‍🍳🤌🇮🇹🍝👩‍🍳🤌🇮🇹🍝👩‍🍳🤌🇮🇹🍝👩‍🍳🤌

Francesco and I have a special Christmas gift for you 🎁🎅 With the help of @kastel-labs.bsky.social, we've started a new workshop on "Explainable AI and Security" co-located with EuroS&P 2026, for which we seek submissions. Details at:

🌐 https://xaisec-workshop.org
⏱️Deadline: Jan 29th, 2026 (AoE)

Leibniz-Preis für Klaus-Robert Müller TU-Forscher und Co-Direktor des BIFOLD wird mit dem renommiertesten Forschungsförderpreis in Deutschland geehrt / Fördersumme 2,5 Millionen Euro.

🎉 Herzlichen Glückwunsch, Klaus-Robert Müller! Der #TUBerlin- Wissenschaftler und Direktor von @bifold.berlin erhält den renommierten Leibniz-Preis der @dfg.de. Er gilt als Pionier des Maschinellen Lernens und prägt die interdisziplinäre #KI- Forschung seit Jahrzehnten. (1/2)
Weiterer Infos 👇

Welcome to BIFOLD. The computer scientist Prof. Dr. Christian Wressnegger from Karlsruhe Institute of Technology strengthens BIFOLD’s expertise at the intersection of AI, data management, and IT security.

www.bifold.berlin/news-events/...

@chwress.bsky.social @tuberlin.bsky.social @kit.edu

Looking forward to have @gianlucastringhini.com over at @kit.edu for our beloved distinguished lecture series 🤗 🥳

Please, reach out to Vera and me if you have any questions.

CC: @kastel-labs.bsky.social @kitinformatik.bsky.social @kit.edu #KITKarlsruhe

You prefer to organize your workshop in Europe? We've got you covered! We extended the call for workshops at EuroS&P 2026 to give you a few more days to make the move 😎 See you in Lisbon 🇵🇹

🌐 https://eurosp2026.ieee-security.org/cfw.html
⏱️ Deadline: Oct 2̶4̶t̶h̶ 30th AoE
📍Lisbon, PT

You are an Early Career Researcher in #cybersec? Here is an opportunity: The AEC chairs of @USENIXSecurity '26 are looking for (self)nominations for the Artifact Evaluation Committee. Deadline: October 17th, 2025, so sign up soon!
@chwress.bsky.social, @kumarde.bsky.social, @aurore-fass.bsky.social

We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe. signal.org/blog/pdfs/ge...

Vera Rimmer (DistriNet, KU Leuven) and I are chairing the selection. Please, reach out to us if you have any questions.

CC: @kastel-labs.bsky.social @kitinformatik.bsky.social @kit.edu #KITKarlsruhe

The call for workshops at EuroS&P 2026 is officially open!
EuroS&P is the premier, European forum for security & privacy research. The main conference is accompanied by a series of workshops. Be part of it! 😎

🌐 https://eurosp2026.ieee-security.org/cfw.html
⏱️ Deadline: Oct 24th AoE
📍Lisbon, PT

We are expanding our social media presence! Find us on LinkedIn, Instagram @kitcybersec and Mastodon @kitcybersec@social.kit.edu. Stay tuned for regular updates on events and information on #CyberSec at #KITKarlsruhe. While you are here, have you checked out our website cybersec.kcist.kit.edu yet?

Congratulations to USENIX Security 2025 AE:
🏆 Distinguished Artifact Awards
🏆 Distinguished Reviewer Awards
⭐ Noteworthy Reviewer Recognition
🥷 Ninja Reviewer Recognition
secartifacts.github.io/usenixsec202...

And thank you all for your help!

CC @pvadrevu.bsky.social Tiago Heinrich

Max is currently in Hanoi, Vietnam and will present the paper today. Make sure not to miss it if you are at the conference.

🕚 August 27th 11:00 local time right after the break
📍 Session 2, Ballroom 2

(3/3)

Also this project started out as a Master's thesis @kit.edu @kitinformatik.bsky.social @kastel-labs.bsky.social
Karl did an amazing job 💪 He pushed super-hard for the best possible result, which eventually was accepted at AsiaCCS 2025. Congratz again 🥳🎉

(2/3)

LLM-powered code assistants might suggest vulnerable code to specific user groups. Old news? Well, in contrast to prior attacks of this kind, our "Generalized Adversarial Code Suggestions" (AsiaCCS 2025) impose no restrictions on the vulnerabilities.

🌐 https://intellisec.de/research/adv-code

(1/3)

Yikes. Turns out you can send a plaintext radio signal to cause any train in the USA to do an emergency break. The original 'security' was just a checksum, no encryption or authentication. Reporting this took them 12 years (!) because the vendor dismissed it initially www.cisa.gov/news-events/...

Haven't seen this on Bluesky yet: S&P 2027 will take place in Montreal, Canada!

LLMs can't stop making up software dependencies and sabotaging everything : Hallucinated package names fuel 'slopsquatting'

LLMs hallucinating nonexistent software packages with plausible names leads to a new malware vulnerability: "slopsquatting."

I will be giving a talk at the MPI-IS @maxplanckcampus.bsky.social in Tübingen next week (March 12 @ 11am). The talk will cover my group's overall approach to trust in ML, with a focus on our work on unlearning and how to obtain verifiable guarantees of trust.

Details: is.mpg.de/events/speci...

Next week Tuesday, March 11th 2025, we are going to have another Security & Privacy Lunch 🍔 We meet at 12:00 at Oxford Pub https://www.oxfordpub.de/

Everybody is welcome. See you there! 🤗

GitHub - two-heart/dumpling-artifact-evaluation Contribute to two-heart/dumpling-artifact-evaluation development by creating an account on GitHub.

💻 Code available at: github.com/two-heart/du...

Wow, this is massive! What started out as a Master's thesis @kit.edu @kastel-labs.bsky.social ended up with a distinguished paper award at #NDSS2025 🥳🎉

🗞️ intellisec.de/pubs/2025-nd...

Congrats Liam and Julian 💪🥟, and thank you @gannimo.bsky.social and @tregua.bsky.social for the collaboration!

Qi is going to present our method, HARVEY, in Philadelphia at #AAAI2025 on Sunday March 2, 2pm. See you there! 😎 (5/5)

🌐 https://aaai.org/conference/aaai/aaai-25/program-overview/

In doing so, we not only excel in backdoor removal with a *worst case* remaining ASR of 0.48% (on Tiny-ImageNet with a ResNet34) but also in maintaining accuracy on the primary task of 56.65% (no defense) and 56.31% (HARVEY) *in the worst case* across different backdooring attacks. (4/5)

Our method refines this reference model thru a combination of splitting poisonous and benign samples, learning on poisonous and unlearning benign samples, and splitting the dataset again over multiple rounds. Eventually, we use the samples from the final split to train a perfectly benign model (3/5)

The idea is to remove poisonous samples that might introduce a backdoor during training. While learning a benign model is difficult in this setting, it is rather easy to learn a strongly backdoored model. This strongly backdoored model can serve as an oracle to find poisonous samples (2/5)