On May 5 – 7, ELSA will host its final General Assembly. On the last day, May 7th, we invite all participants to join us for our workshops! Here is what is in store for you.
Attend via Zoom – more information below.
Workshop Topic
AI has boosted capabilities in many domains, including the capabilities of individuals, and cybersecurity is no exception. AI has become pivotal in detecting cyber incidents automatically and in real time at remarkable accuracy levels, and in finding and fixing bugs and vulnerabilities at scale. It has also become increasingly clear that offensive capabilities are receiving the same boost. The EU AI Office has a dedicated workstream to monitor the cyber capabilities of general-purpose AI (GPAI) models, and recent research has demonstrated emerging capabilities of AI models, e.g., solving capture-the-flag challenges autonomously. This workshop brings researchers, practitioners, industry, and policy makers together to understand the risks and opportunities in a cybersecurity landscape that AI is rapidly changing, and to discuss the strategies and actions that should be in place to do justice to this pressing topic.
Speakers
Prof. Dr. Mario Fritz, CISPA (Speaker & Organizer)
Prof. Dr. Mario Fritz is a faculty member at the CISPA Helmholtz Center for Information Security, an honorary professor at Saarland University, and a fellow of the European Laboratory for Learning and Intelligent Systems (ELLIS). His research focuses on trustworthy artificial intelligence, especially at the intersection of information security and machine learning.
Prof. Dr. Battista Biggio, University of Cagliari
Battista Biggio (MSc 2006, PhD 2010) is Full Professor of Machine Learning at the University of Cagliari, Italy, and research co-director of AI Security at the sAIfer lab (www.saiferlab.ai). He has provided pioneering contributions in machine-learning security, for which he received the 2022 ICML Test of Time Award and the 2021 Best Paper Award and Pattern Recognition Medal from Elsevier Pattern Recognition.
Talk: “Machine Learning for Cybersecurity in Adversarial Settings: Open Issues and Research Challenges”
Machine learning has become a key technology in cybersecurity, enabling automated detection of malware, phishing, and web attacks, yet it remains vulnerable in adversarial environments where attackers actively seek to evade detection. This talk surveys recent advances in adversarial machine learning for security, focusing on evasion attacks against malware classifiers for Android and Windows, where carefully crafted modifications can preserve malicious functionality while bypassing detection. It also discusses approaches to web security that integrate learning into web application firewalls while accounting for adversarial manipulation, as well as phishing webpage detection under adversarial constraints. Finally, it explores emerging challenges in the use of large language models for security applications, including issues related to steering and robustness. The talk concludes by outlining key open problems and research challenges for building resilient and trustworthy machine learning systems in cybersecurity.
Dr. Dario Pasquini, Cracken
Dr. Dario Pasquini’s research focuses on identifying and exploiting vulnerabilities in AI models and the protocols that depend on them. He also leverages AI to break systems; primarily passwords, (when possible) cryptographic protocols, and (you guessed it) other AI models. Before joining Cracken as Head of AI, Dario was a Principal Researcher at RSAC. Previously, he served as Visiting Faculty at George Mason University, a Postdoctoral Researcher at EPFL’s Security and Privacy Engineering Laboratory, and a Research Fellow at the National Research Council in Italy.
Talk: “Red-Teaming the AI Red Team”
Take a trillion-parameter, fully autonomous system, give it access to hacking tools and real-world exploits, and turn it loose. What could possibly go wrong?
This talk is about what can go wrong.
We examine the safety and governance risks of AI-driven offensive security systems, especially when they encounter active adversaries. We look at how these systems can be exploited, what the consequences of those failures can be, and how the same weaknesses can be turned into defensive mechanisms against AI-driven cyberattacks.
After a high-level overview, we turn to technical case studies on sandbox escape, lateral movement, and persistence, drawing lessons from vulnerabilities we found in both open-source and proprietary systems. The goal is simple: to help you avoid repeating the same mistakes when designing robust and reliable AI cybersecurity operators.
Prof. Dr. Jürgen Cito, TU Vienna
Prof. Dr. Jürgen Cito is a Full Professor of Software Engineering at TU Wien, Austria. He received his PhD from the University of Zurich and was a postdoctoral researcher at MIT CSAIL. His research focuses on program analysis and AI-based software engineering, with a particular emphasis on autonomous systems for software development and security.
Talk: “Language Models as Penetration Testing Agents: Surprising Capabilities and Ethical Dimensions”
Large language models (LLMs) have recently shown unexpectedly strong performance in offensive security tasks. In this talk, I present our work demonstrating their effectiveness in concrete scenarios such as privilege escalation and attacks on enterprise networks (e.g., Active Directory environments). To explain these results, we hypothesize why LLMs perform well in this domain and relate these hypotheses to our empirical study of how human penetration testers reason and operate in practice. Finally, I want to discuss the ethical dimension of automated penetration testing: Dual-use concerns have always been central to security research, but become more acute with increasing levels of autonomy. We examine how these concerns manifest in the context of LLM-based penetration testing, including questions around responsible disclosure, access, and the broader implications of commoditizing offensive capabilities.
Maite del Mundo de Torres, Alias Robotics
Maite del Mundo de Torres is Chief Marketing Officer at Alias Robotics, where she focuses on positioning Cybersecurity AI at the intersection of technology, market adoption and European sovereignty.
Talk: “From Research to Reality: Communicating and Operationalizing AI in Cybersecurity”
As AI reshapes cybersecurity, a key gap remains between research and real-world adoption. This session provides a non-technical perspective based on Alias Robotics’ experience: from its origins in robot cybersecurity to developing proprietary AI systems now deployed in real-world environments.
Drawing from this journey, the session will reflect on how Cybersecurity AI is already being applied in critical and defense contexts, and why the main challenge is no longer technological feasibility but integration into real operations while ensuring control, trust, and sovereignty.
At its core, the session focuses on communication’s role in bridging this gap — translating complex research, models, and cybersecurity capabilities into narratives that enable understanding, trust, and adoption across enterprise and public-sector stakeholders.
Manuel Reinsperger, EU Commission AI Office
Manuel Reinsperger is a technology specialist at the EU AI Office’s AI Safety team, with a focus on the interplay between frontier AI models and cybersecurity.
Talk: “Risk Modelling for AI Safety Evaluations and the Use of MITRE ATT&CK”
Malcolm Murray, SaferAI
Malcolm Murray is an AI risk management expert with 20+ years advising executives, regulators, and national-level policymakers. Since 2023 he has focused exclusively on general-purpose AI risk management. He is Research Lead at SaferAI and a Research Affiliate with the Centre for the Governance of AI.
Talk: “Modeling LLM-Enabled Cyber Offense Risk – Current State and Open Questions”
While model capabilities are advancing rapidly, our ability to translate those capabilities into concrete estimates of real-world risk remains underdeveloped. This talk presents SaferAI’s emerging methodology for quantitative AI risk modeling, which combines scenario-based decomposition with probabilistic estimation. The approach models risk as a sequence of causal steps, assigns baseline probabilities, and then estimates how AI systems uplift these probabilities. By integrating benchmarks, expert elicitation, and probabilistic aggregation, the methodology enables decision-relevant outputs such as the likelihood of large-scale economic harm. Beyond introducing the framework, the talk highlights key open questions at the frontier of the field. These include how to reliably translate benchmark performance into real-world risk, how to balance different modeling architectures, and how to validate models.
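The following Python sketch is an added illustration of the modelling pattern the abstract describes (a chain of causal steps, baseline probabilities, AI uplift multipliers, probabilistic aggregation). It is not SaferAI’s code or its actual methodology: the step names, probabilities, uplift factors and uncertainty widths are constructed assumptions chosen only to make the mechanics visible.

```python
"""Scenario-chain cyber-offense risk model (constructed illustration).

An attack is decomposed into causal steps an attacker must complete in order.
Each step carries a baseline success probability (no AI assistance) and a
central AI uplift multiplier with log-normal uncertainty. The chain probability
is the product of the per-step probabilities; a Monte Carlo run aggregates the
uncertainty into percentiles; the last function converts a per-campaign
probability into the probability of at least one success over a period.
"""
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Step:
    name: str
    p_base: float   # baseline probability the step succeeds without AI assistance
    uplift: float   # central estimate of the AI uplift multiplier (1.0 = no uplift)
    sigma: float    # log-space standard deviation expressing uncertainty on `uplift`


# Constructed sample scenario: a generic intrusion chain with made-up numbers.
# These are illustrative assumptions, not elicited or benchmarked estimates.
STEPS = [
    Step("reconnaissance", p_base=0.80, uplift=1.1, sigma=0.10),
    Step("initial_access", p_base=0.30, uplift=1.5, sigma=0.30),
    Step("privilege_escalation", p_base=0.40, uplift=2.0, sigma=0.40),
    Step("lateral_movement", p_base=0.50, uplift=1.8, sigma=0.40),
    Step("impact", p_base=0.60, uplift=1.2, sigma=0.20),
]


def chain_probability(steps, ai_uplift):
    """Point estimate: product of per-step probabilities, each capped at 1.0."""
    p = 1.0
    for s in steps:
        q = s.p_base * (s.uplift if ai_uplift else 1.0)
        p *= min(q, 1.0)
    return p


def simulate_chain(steps, n=20000, seed=7):
    """Monte Carlo over uplift uncertainty; returns 5th/50th/95th percentiles."""
    rng = random.Random(seed)
    samples = []
    for _ in range(n):
        p = 1.0
        for s in steps:
            u = s.uplift * math.exp(rng.gauss(0.0, s.sigma))  # log-normal multiplier
            p *= min(s.p_base * u, 1.0)
        samples.append(p)
    samples.sort()

    def pick(q):
        return samples[min(int(q * n), n - 1)]

    return {"p05": pick(0.05), "median": pick(0.50), "p95": pick(0.95)}


def prob_at_least_one_success(p_per_attempt, attempts):
    """Probability that at least one of `attempts` independent campaigns succeeds."""
    return 1.0 - (1.0 - p_per_attempt) ** attempts


if __name__ == "__main__":
    base = chain_probability(STEPS, ai_uplift=False)
    with_ai = chain_probability(STEPS, ai_uplift=True)
    print(f"baseline chain success: {base:.4f}")
    print(f"with AI uplift:        {with_ai:.4f}  (x{with_ai / base:.1f})")
    print("uncertainty band with AI:", simulate_chain(STEPS))
    # Assumed 50 attempted campaigns per year against a sector (constructed figure).
    print("P(>=1 success/year, no AI):", round(prob_at_least_one_success(base, 50), 3))
    print("P(>=1 success/year, AI):   ", round(prob_at_least_one_success(with_ai, 50), 3))
```

Two things the sketch makes visible that the prose does not: multiplicative uplifts compound along the chain (five modest per-step factors here turn into roughly a sevenfold increase in end-to-end success), and the uncertainty on those uplifts, not the point estimate, is what a decision-maker should be shown, which is why the aggregation step returns percentiles rather than a single number.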
Sergej Epp, CISO Sysdig
Sergej Epp is CISO at Sysdig, where he leads security, IT, and threat research for one of the leading cloud security companies. His current research explores the verification asymmetry in AI, whether offensive AI outpaces defense, and the implications for cloud-native security.
Talk: “ZeroDayClock: Rethinking Defense for an Age of Instant Exploitation”
Most security programs are designed around an assumption that is quietly becoming false: that there is a usable window of time between when a vulnerability becomes known and when it is exploited. For two decades, that window has been compressing. It has now, for a significant and growing class of vulnerabilities, reached zero or gone negative.
The talk then poses the harder question: if patching can no longer be the primary load-bearing control, what takes its place, and are our current architectures, operating models, and regulatory frameworks designed for a world where the exploit arrives before the patch?
The session proposes a structured discussion around three areas: how to re-engineer defensive architectures for a zero-time-to-exploit baseline, how AI reshapes both sides of the offense-defense equation simultaneously, and what regulatory and institutional adaptations are needed when compliance timelines are structurally slower than attacker timelines.
Prof. Dr. Vincent Lenders, University of Luxembourg
Vincent Lenders is a Full Professor of Cybersecurity and an FNR PEARL Chair at the University of Luxembourg, where he leads the Systems and Network Security (SNS) Group at the Interdisciplinary Centre for Security, Reliability and Trust (SnT).
Talk: “From Cyber Warfare to AI Warfare: The Path Ahead”
Modern warfare has expanded beyond traditional domains (land, sea, air, and space) into the cyber domain, where states increasingly project power through digital means. Today’s armed forces operate sophisticated cyber commands capable of disrupting information systems and critical infrastructure at scale. The ongoing Russo-Ukrainian War has demonstrated the strategic role of cyber operations within hybrid warfare, where kinetic and digital actions are tightly integrated.
Against this backdrop, advances in artificial intelligence are poised to fundamentally reshape the nature of cyber conflict. Emerging AI systems are beginning to demonstrate super-human capabilities in vulnerability discovery, exploit development, and the automation of key stages of the cyber kill chain. As these systems mature, they raise the prospect of highly autonomous, adaptive, and scalable offensive operations, marking a transition toward what can be described as AI warfare.
This talk first examines how contemporary cyber warfare is conducted, drawing on insights from military cyber defence exercises. It then reviews recent developments in AI, including survey and benchmark results that illustrate the growing ability of AI systems to automate discrete offensive cyber tasks. Finally, it outlines a forward-looking perspective on defence, arguing that the protection of critical infrastructure will require multi-agent cyber defence architectures that leverage advanced AI to counter increasingly capable AI-driven attacks.
Timings
| Time | Session |
| --- | --- |
| 8:45 – 9:00 | Registration |
| 9:00 – 9:15 | Welcome, Introduction & Logistics – Mario Fritz |
| 9:15 – 10:00 | Machine Learning for Cybersecurity in Adversarial Settings: Open Issues and Research Challenges – Prof. Dr. Battista Biggio |
| 10:00 – 10:45 | ZeroDayClock: Rethinking Defense for an Age of Instant Exploitation – Sergej Epp |
| 10:45 – 11:15 | Coffee Break |
| 11:15 – 12:00 | From Research to Reality: Communicating and Operationalizing AI in Cybersecurity – Maite del Mundo de Torres |
| 12:00 – 12:45 | Red-Teaming the AI Red Team – Dr. Dario Pasquini |
| 12:45 – 14:00 | Lunch Break |
| 14:00 – 14:45 | From Cyber Warfare to AI Warfare: The Path Ahead – Prof. Dr. Vincent Lenders |
| 14:45 – 15:30 | Language Models as Penetration Testing Agents: Surprising Capabilities and Ethical Dimensions – Prof. Dr. Jürgen Cito |
| 15:30 – 16:00 | Coffee Break |
| 16:00 – 16:45 | Risk Modelling for AI Safety Evaluations and the Use of MITRE ATT&CK – Manuel Reinsperger |
| 16:45 – 17:30 | Modeling LLM-Enabled Cyber Offense Risk – Current State and Open Questions – Malcolm Murray |
Registration
Please register by April 30, 2026, and join us for the workshop on day three of the Final ELSA General Assembly.
We are excited to welcome you to Saarbrücken!
JOIN THIS WORKSHOP VIA Zoom
This workshop will be shared via Zoom. On the day, click on the link below and join at any time.
We’re also looking forward to your digitally submitted questions.
Mobility Funding
We support travel to the General Assembly through our mobility fund. Before applying, please read the terms and conditions carefully, and submit your mobility application before the event.
Experienced Researchers
PhDs and Postdocs