When: February 16-18, 2026
Where: UCT, Cape Town, South Africa
We are inviting applications from graduate students and researchers in the areas of Computer Science and Cybersecurity with a focus on AI. During our annual scientific event, students will have the opportunity to follow one week of scientific talks and workshops, present their own work during poster sessions and discuss relevant topics with fellow researchers and expert speakers. This year's edition is in collaboration with UCT, Cape Town and will take place in South Africa.
Application Process: Please fill in our online application form.
Notification of Acceptance: We will notify you via email.
Fee: none
Deadline for Regular Application: February 09, 2026.
Program
Invited Speakers
Daniel Arp, TU Wien
Title: Pitfalls in AI for Security
Abstract: Advances in computational power and the proliferation of massive datasets have propelled artificial intelligence (AI) to achieve major breakthroughs across a wide spectrum of applications—from image recognition and natural language processing to autonomous systems and scientific discovery. Yet when AI techniques are applied to security, they encounter a host of subtle pitfalls that can seriously undermine performance and, in the worst case, render learning-based systems unsuitable for real-world deployment. In this lecture, we will take an in-depth look at these pitfalls and explore how they manifest in various security domains, such as malware detection and vulnerability discovery, where they frequently lead to inflated assessments of system effectiveness. We’ll survey illustrative case studies drawn from academic literature to gauge the prevalence of these issues and, finally, discuss recommendations for avoiding them when designing experiments.
Bio: Daniel Arp is a tenure-track Assistant Professor in the Security and Privacy Research Unit at Technische Universität Wien. Previously, he held a postdoctoral research position at TU Berlin and a visiting research position at University College London and King’s College London. He received his Ph.D. with honours in Computer Science from TU Braunschweig. Additionally, he holds a master’s degree in Computer Engineering from TU Berlin. Daniel’s research interests encompass the development of learning-based methodologies to fortify the security and privacy of systems.
Kathrin Grosse, IBM
Title: From AI Vulnerabilities to AI Security Incident Reporting and Beyond
Abstract: In this talk, we revisit the evidence of vulnerabilities and exploits within the realm of Artificial Intelligence, encompassing both traditional AI and Large Language Models (LLMs). Such vulnerabilities necessitate prevention, which we suggest could be handled by incident reporting. Such a procedure has been established in non-AI security, yet AI security warrants special treatment because AI is versatile and AI models differ significantly from software with vulnerabilities. However, a significant challenge is not just the lack of a standardized reporting framework, but also a knowledge gap among practitioners. Even when they are aware of the risks, many lack the practical guidance needed to effectively evaluate and secure their models. Our discussion will thus also cover how to threat model real-world applications using AI.
Sofía Celi, Brave
Title: Practical Cryptography: From Deployed Primitives to Real-World Protocol Design
Abstract: This series examines how modern cryptographic techniques are used in real systems and how design choices shape their security and social impact. We will explore privacy in large-scale deployments, the guarantees and limitations of network and web protocols, and the use of zero-knowledge proofs in attestation and credential verification.
Participants will learn how these mechanisms work, how they fail, and how such failures can affect vulnerable communities. We will also discuss private information retrieval in privacy-preserving services and advanced authentication mechanisms that combine several cryptographic tools.
Throughout the series, we will connect technical concepts to real-world consequences and highlight how to design systems that are secure, deployable, and protective in practice.
Bio: Sofía Celi is a Senior Cryptography and Security Researcher at Brave, specializing in privacy-enhancing technologies, post-quantum cryptography, and practical applications of zero-knowledge proofs. She contributed to the Off-the-Record (OTR) messaging protocol and co-authored the post-quantum signature scheme MAYO, submitted to NIST. Sofía is an Honorary Industrial Fellow at the University of Bristol, and sits on the Advisory Council of the Open Technology Fund. She also holds leadership roles within the IETF, IRTF, and W3C, and advises international human-rights organizations on the impact of emerging technologies. She is a co-founder of Criptolatinos and WinC.
CISPA Speakers
Title: TRICK: Time and Range Integrity Checks
Abstract: Wide-area positioning is foundational to applications ranging from aviation and maritime operations to drones and connected vehicles, yet the signals we rely on, especially GNSS, remain susceptible to spoofing attacks. In this lecture, we will build intuition for what “secure positioning” means and why it is harder than simply adding cryptography to existing systems. We will then look at verifiable multilateration (VM) as a representative secure positioning technique: VM forms a constrained geometric region using multiple two-way ranging (TWR) interactions, but its reliance on uplink receptions makes it difficult to deploy at a wide-area scale. We then introduce TRICK, a technique that bridges this gap by allowing authenticated broadcast signals to contribute to secure region formation, while requiring only a minimal number of TWR measurements. We close by discussing what TRICK changes for practical secure coverage at scale, and what it implies for designing the next generation of secure wide-area positioning systems.
Bio: Mridula Singh is a tenure-track faculty member at the CISPA Helmholtz Center for Information Security in Saarbrücken, Germany. Her primary research focus is systems security and wireless security, with emphasis on practical attacks and deployable defenses. Her work on physical-layer Message Time-of-Arrival Codes has been used for securing passive keyless entry and start systems in commercial vehicles. She is currently working on securing sensing modalities for autonomous vehicles and designing scalable positioning systems. Prior to joining CISPA, she co-founded Trishulam during her master’s studies and worked as a research engineer at Xerox Research Center India. She received her M.Tech. in Computer Science from IIIT-Delhi, India, and her Ph.D. in Computer Science from ETH Zurich, Switzerland.