CyLab

Photo of Professor Jonathan Aldrich giving a lecture at Carnegie Mellon University

Photo of Professor Jonathan Aldrich giving a lecture at Carnegie Mellon University

Many thanks to Prof. @jonathanaldrich.bsky.social, Professor in the @cmus3d.bsky.social and Director of the Software Engineering Ph.D. program, for stopping by CyLab today to share his research on (sub)-structural information flow: a simple, scalable, and general foundation for security reasoning.

Foresight Institute announces 2025 Norm Hardy Prize winners for advances in usable security Foresight Institute is proud to announce the winners of the 2025 Norm Hardy Prize: Dr. Pardis Emami-Naeini, Dr. Lorrie Faith Cranor, and Dr. Yuvraj Agarwal, for their contributions to advancing usable...

Congratulations to Profs. Pardis Emami-Naeini, Lorrie Cranor (@lorriecranor.bsky.social), & Yuvraj Agarwal on being honored w/ Foresight Institute’s Norm Hardy Prize for their contributions to advancing usable security through the development of a layered cybersecurity label for smart home devices!

Photo of David Kohlbrenner giving a classroom lecture at Carnegie Mellon University

Photo of David Kohlbrenner giving a classroom lecture at Carnegie Mellon University

Photo of David Kohlbrenner giving a classroom lecture at Carnegie Mellon University

Many thanks to Professor David Kohlbrenner of the University of Washington for visiting CyLab today to share his research on software #security and transistor physics in aging computer systems.

Data Privacy Day 2026 is underway at the Heinz History Center! Stop by the first floor Great Hall between 10 a.m. and 2 p.m. for a full day of programming. Details and schedule: privacy.cs.cmu.edu/cmu-privacy-...

Security Reasoning via Substructural Dependency Tracking (POPL 2026 - POPL Research Papers) - POPL 2026 /!\ We are aware of a scam travel company reaching out to participants. They are in no way affiliated to POPL, please be careful and always contact the organizers in case of doubt. /!\ Welcome to the ...

Congratulations to CyLab researchers Hemant Gouni, @fpfenning.bsky.social, and @jonathanaldrich.bsky.social on being recognized w/ a Distinguished Paper Award at the 53rd @acm.org SIGPLAN Symposium on Principles of Programming Languages (#POPL2026) in Rennes, France. Read their winning paper below:

CyLab study uncovers 270 million crypto phishing attempts A new study by researchers at Carnegie Mellon University reveals that a little-known but highly effective cryptocurrency scam known as “blockchain address poisoning” has quietly become one of the largest phishing schemes operating on public blockchains today.

Carnegie Mellon researchers analyzed Ethereum and Binance Smart Chain transaction data representing two years of crypto wallet transfers to track a simple but extremely effective phishing scam.

Carnegie Mellon launches summer undergraduate research program to expand pathways into security and privacy Carnegie Mellon University’s Software and Societal Systems Department is inviting undergraduate students from across the country to take part in its Security and Privacy Undergraduate Research (SPUR) ...

. @cmus3d.bsky.social is inviting undergrad students from across the country to take part in its Security & Privacy Undergraduate Research (SPUR) Scholars program, a 10-week immersive experience designed to introduce students to the world of #security & #privacy while helping them explore research:

CyLab’s Sarah Scheffler to discuss new research on age verification technologies at FTC workshop CyLab faculty member Sarah Scheffler, assistant professor in Carnegie Mellon’s Departments of Engineering and Public Policy and Software and Societal Systems, will participate as a panelist at the Fed...

CyLab faculty member Sarah Scheffler will participate as a panelist at the Federal Trade Commission's public, virtual Age Verification Workshop tomorrow, January 28. See full details of Professor Scheffler’s recent age verification research & learn how to register to attend the free workshop below:

Children’s Privacy in a Digital World - National Cybersecurity Alliance We'll take a deep dive into the privacy challenges facing kids, teens, and parents as technology becomes woven into learning, communication, and self-expression

Join Lorrie Cranor (@lorriecranor.bsky.social), CyLab Director, on Tuesday, January 27 at 2:30 p.m. ET for a Data Privacy Week webinar sponsored by the National Cybersecurity Alliance, on the topic of children’s #privacy in a digital world. See full details and register to attend below:

UPDATE: due to the anticipated winter storm, Data Privacy Day is being postponed one week to Sunday, February 1 from 10 a.m. to 2 p.m. at the Heinz History Center's first floor Great Hall. Please see full details below:

Bauer named 2025 ACM Fellow Lujo Bauer, professor of electrical and computer engineering and of computer science, has been named a 2025 Association for Computing Machinery (ACM) Fellow for contributions to access control, usable...

Professor @lujobauer.bsky.social of @cmu-ece.bsky.social and @cmus3d.bsky.social has been named a 2025 @acm.org ACM Fellow for contributions to access control, usable #security and #privacy, and the security of machine learning.

Carnegie Mellon brings International Data Privacy Day to the Heinz History Center on January 25 On January 25, Carnegie Mellon University’s Privacy Engineering program will take its annual celebration of International Privacy Day beyond campus and into the heart of the city, hosting a free, fami...

Join @cmus3d.bsky.social’s Privacy Engineering program and the Heinz History Center for Data Privacy Day on Sunday, January 25 from 10 a.m. to 2 p.m. at the Heinz History Center’s first floor Great Hall. See full details below: www.cylab.cmu.edu/news/2026/01...

Check out the latest @anthropic.com updates on CyLab Venture Network Startup Partner Incalmo:

Rahul Telang, Professor at Heinz College, spoke with the @huffpost.com about why everyday users should take digital privacy more seriously. The article explains how VPNs create encrypted connections that hide IP addresses and protect online activity. www.huffpost.com/entry/proton...

Teaching kids about privacy The book "Privacy Please" starts the conversation about phones and technology with kids.

#ICYMI: Watch Professor Lorrie Cranor (@lorriecranor.bsky.social), @cylab.bsky.social Director, chat with Mikey Hood and Heather Abraham of KDKA’s TALK PITTSBURGH about her new children’s book “Privacy, Please!” and share strategies for teaching kids about #privacy:

The book that could change how kids learn about digital privacy 'Privacy, Please!' offers a 4-year-old-friendly take on avoiding surveillance from grown-ups—or your annoying sibling.

“It’s okay to say you don’t want your picture taken, and this is a struggle for parents.”

@lorriecranor.bsky.social, @cylab.bsky.social Director, talks to @robpegoraro.com of @fastcompany.com about some of the takeaways for parents and educators from her new children's book, “Privacy Please!”

Decorative image of a New Year's greeting featuring the CyLab logo

Happy New Year from all of us at CyLab!

Lorrie Cranor: Why Security Fails Real People Dr. Lorrie Cranor⁠, Director of the CyLab Security and Privacy Institute at Carnegie Mellon University joins Ann Johnson, Corporate Vice President, Microsoft, on this week's episode of Afternoon Cyber Tea to discuss the critical gap between security design and real-world usability. They explore why security tools often fail users, the ongoing challenges with passwords and password less authentication, and how privacy expectations have evolved in an era of constant data collection. Dr. Cranor emphasizes the importance of user-centered design, practical research, behavioral insights, and simpler, more transparent systems to help CISOs build security programs that truly work for people.

Professor @lorriecranor.bsky.social, @cylab.bsky.social Director, chats with @ajohnsocyber.bsky.social, Corporate Vice President of @microsoft.com, about the critical gap between #security design and real-world #usability for @security.microsoft.com's #AfternoonCyberTea podcast:

Carnegie Mellon University earns top national rankings in cybersecurity education Carnegie Mellon University has been recognized as a national leader in cybersecurity education, earning the No. 1 ranking for undergraduate cybersecurity programs in the 2026 U.S. News & World Report ...

.@usnews.com and @fortune.com have ranked @cmu.edu number 1 on their lists of the best #cybersecurity academic programs. See full details below and learn more about CMU's #security and #privacy undergraduate and graduate offerings:

Analysis | This new children’s book is a bedtime story for the AI age With “Privacy, Please!” a longtime cybersecurity expert wants preschoolers to start learning about digital privacy.

“By teaching young children about #privacy, we can help them understand that their boundaries matter.”

Professor Lorrie Cranor (@lorriecranor.bsky.social), @cylab.bsky.social Director, chats with @shiraovide.bsky.social of @washingtonpost.com about her new book, “Privacy, Please!”:

Tune in December 5 at 12 p.m. ET as Lorrie Cranor (@lorriecranor.bsky.social), CyLab Director, chats w/ Jules Polonetsky of Future of Privacy Forum about her new children's book "Privacy, Please!" and shares tips for teaching kids about #privacy in ways that feel safe, healthy, and age-appropriate.

New children’s book from CyLab privacy scholar helps young children understand why privacy matters Lorrie Cranor's new book "Privacy, Please!," illustrated by Alena Karabach, offers families a gentle and engaging way to talk to children ages 4 to 6 about personal boundaries, independence, and digit...

“Privacy, Please!”, @cylab.bsky.social Director Lorrie Cranor's (@lorriecranor.bsky.social) new children’s book, offers families of 4- to 6-year-olds a gentle and engaging way to talk about personal boundaries, independence, and digital safety.

#privacy

Beyond the fine print Led by Lorrie Cranor, CyLab director, a team of researchers recently set out to explore how digital platforms can better empower users to make informed privacy decisions

"Something as simple as the words that label a button or a default setting can have a huge effect on what people do."

I'm recruiting PhD students at CMU! Come work with me!

Image of the cover artwork from the 2024-2025 CyLab Year-in-Review

Each year, @cylab.bsky.social publishes the CyLab Year-In-Review, showcasing some of our exciting research highlights and other #security and #privacy related activities from the previous year. Check out the 2024-2025 publication, and DM us to request a hard copy: www.cylab.cmu.edu/about/year-i...

Applications open for CMU Ph.D. programs in cybersecurity and privacy Carnegie Mellon University offers several Ph.D. programs that attract students interested in pursuing research careers in security and privacy.

. @cmu.edu is currently accepting applications for enrollment in Ph.D. programs in #cybersecurity and #privacy. Here’s what prospective #PhD students need to know to choose where to apply:

CyLab faculty share their insights at the 2025 Global Cybersecurity Forum Three faculty members from Carnegie Mellon University’s CyLab Security and Privacy Institute participated in panels at the Global Cybersecurity Forum’s (GCF) 2025 Annual Meeting.

CyLab faculty members @nc2y.bsky.social, Hanan Hibshi, and Norman Sadeh served as featured panelists at the Global Cybersecurity Forum’s (GCF) 2025 Annual Meeting. Learn more about the insights they shared on public-private investment models, empowering women in #cybersecurity, and converging tech:

Fredrikson receives Test of Time Award Carnegie Mellon University's Matt Fredrikson has received the 2025 ACM Conference on Computer and Communications Security (CCS) Test-of-Time Award, honoring research with enduring impact in computer a...

Professor Matt Fredrikson of the @csdatcmu.bsky.social and @cmus3d.bsky.social recently received the 2025 @acm.org Conference on Computer and Communications Security (CCS) Test of Time Award, honoring research with enduring impact in computer and communications security.

. @cmu.edu spinoff Mayhem Security, formerly #ForAllSecure, has been acquired by @bugcrowd.com. Congratulations!

Photo of Serge Egelman giving a lecture at the 2025 CyLab Partners Conference

Photo of Lorrie Cranor, CyLab Director, presenting the 2025 CyLab Distinguished Alumni Award to Serge Egelman

Photo of Riccardo Paccagnella giving a lecture at the 2025 CyLab Partners Conference

Photo of Rose Silver giving a lecture at the 2025 CyLab Partners Conference

Day 2 of the @cylab.bsky.social Partners Conference has featured some insightful talks on system and hardware security, #crypto, and #blockchain, as well as the CyLab Distinguished Alumni Award lecture by Serge Egelman (@v0max.bsky.social), Founder and Chief Scientist at AppCensus.