It’s recap time again. In August, over 110 students from all over the world met at CISPA Helmholtz Center for Information Security for the CISPA ELLIS Summer School on Trustworthy AI – Secure and Safe Foundation Models. And here’s how it went.
On August 4th, CISPA opened its doors in Saarbrücken to over 110 participants and thirteen speakers from all over the world.
Recordings are live!
The talk recordings of Mario Fritz, Antti Honkela, Battista Biggio, Franziska Boenisch and Joaquin Vanschoren are now live on YouTube. Watch the recordings now!
We want to thank the speakers for sharing their knowledge online.
After a warm welcome and an introduction to Foundation Models by ELSA Coordinator and CISPA Faculty Mario Fritz, the participants dove straight into the risks of Agentic AI, prompt injection, and the differentiation between data and instructions with the first speaker, Jamie Hayes (Google DeepMind). After a networking coffee break, Om Thakkar (OpenAI) continued with his talk on privacy leakage, challenges, and mitigations in Automatic Speech Recognition and Speech Models.
During the first poster session, participants and speakers then gained a first glimpse into the research that the event participants are doing themselves.
Day two started with Battista Biggio, ELSA Executive Board member and Professor of Computer Engineering at the University of Cagliari. In his session, he talked about Machine Learning Security, especially in the age of Foundation Models, and how learnings from the early age of ML still apply to models today.
Ilia Shumailov followed, analysing “the thing hiding behind” AI models. Spoiler: Potential vulnerabilities can hide in any layer of modern models. Borja Balle (Google DeepMind) elaborated on privacy issues in AI agents, and Andrew Paverd (Microsoft) shared his insights and lessons from two years of working on security incidents of generative AI agents, sharing Microsoft Security Response’s approaches and information about the “Bug Bounty Program”.
Another poster session and dinner rounded off the second day.
Day three started with the first presentation by ELSA Executive Board member and professor at the University of Helsinki, Antti Honkela. He introduced the participants to differential privacy (DP), ranging from a definition of DP and f-DP to the basic properties and fundamental mechanisms. Matthew Jagielski (Google DeepMind) followed with his presentation on data poisoning and its impact on training data.
After 2.5 days of learning, networking, and presenting, it was time for the participants to get to know one of the highlights of the Saarland. The group travelled to Merzig, where they went for a hike at the beautiful Saarschleife and enjoyed dinner.
Back at base, day four started with the second part of Antti Honkela’s Differential Privacy sessions, focusing on Deep Learning with Differential Privacy. Next up was the session by Jenia Jitsev (Juelich Supercomputing Center, LAION, and ELLIOT) on Scaling Laws for Foundation Models. After another poster session, Joaquin Vanschoren (Eindhoven University of Technology, Google DeepMind) concluded the day with his session on AI safety and benchmarks.
The last day of the summer school held two more highlights for the group: Mathias Lecuyer (University of British Columbia) presented his research results on how to achieve adversarial robustness from f-differentially private predictions. And finally, CISPA Faculty Franziska Boenisch presented her research on the problem of memorization, how it differs from overfitting, and its privacy risks.
During the summer school, it became clear that safety and security are not nice-to-haves that can be considered at the end of a project. They are essential for sustainable research and successful software. Many disciplines and research findings not only overlap but are connected, and can therefore support each other in addressing their challenges. Models are not only vulnerable to adversarial attacks from the outside, but still come with significant internal privacy and safety challenges. Yet, research has come a long way.
We want to thank the CISPA team and ELLIS for organizing this inspiring Summer School, our speakers for sharing their knowledge, and our attendees and guests for sharing their ideas, asking inspiring, intelligent questions, and presenting their own research with posters.