Speakers
Daniel Gruss
Graz University of Technology
Marius Münch
University of Birmingham
Stjepan Picek
University of Zagreb
Bart Preneel
KU Leuven
Phillip Rieger
Graz University of Technology
Lea Schönherr
CISPA Helmholtz Center for Information Security
Shweta Shinde
ETH Zurich
Lichao Wu
University of Bristol
Daniel Gruss
Graz University of Technology
Daniel Gruss (@lavados) is a University Professor at Graz University of Technology. He loves teaching and research of system-level topics including side channels and transient execution attacks.
He implemented the first remote fault attack running in a website, known as Rowhammer.js. His research team was one of the teams that found the Meltdown and Spectre bugs published in early 2018. In 2023, he received an ERC Starting Grant to research the sustainability of security. He frequently speaks at top international venues.
Marius Münch
University of Birmingham
Marius Muench is an assistant professor at the University of Birmingham. He obtained his PhD from Sorbonne University in cooperation with EURECOM and worked as a postdoctoral researcher at the Vrije Universiteit Amsterdam. He developed avatar2, a framework for analyzing embedded systems firmware, and FirmWire, an emulation and fuzzing platform for cellular basebands.
His research led to the discovery and mitigation of security vulnerabilities affecting millions of devices across various computation devices. This includes cellular basebands in smartphones, modern CPUs, state-of-the-art microcontrollers, and commercial cloud environments.
Phillip Rieger
Graz University of Technology
Starting in September 2026, Phillip Rieger joins TU Graz as Assistant Professor for Secure AI Systems. His research includes the security of generative AI, applications of AI for system security, and the security and privacy of distributed learning, with particular emphasis on paradigms such as Federated Learning and Split Learning.
A major focus of his work is the detection and mitigation of poisoning and backdoor attacks in collaborative machine learning systems. His research has explored these threats from multiple perspectives, including the analysis of model representations in alternative feature domains, behavior-based detection of hidden backdoors, privacy-preserving validation mechanisms, and the use of trusted hardware and cryptographic techniques to strengthen the security of distributed learning systems and detect well-hidden backdoors. Before joining TU Graz, he received his PhD in Computer Science from TU Darmstadt, where he was a researcher in the Secure Systems Lab and worked on adversarially robust machine learning, AI security, and privacy-preserving learning systems.
Stjepan Picek
University of Zagreb
Stjepan Picek is a full professor at the University of Zagreb, Faculty of Electrical Engineering and Computing, Croatia. He also holds an associate professor position at Radboud University, Nijmegen, and an adjunct professor position at the University of Bergen, Norway.
Before that, he was an assistant professor at TU Delft and a postdoctoral researcher at MIT, USA, and KU Leuven, Belgium. Stjepan completed PhD in computer science in 2015 at the University of Zagreb, Croatia and Radboud University, The Netherlands. In 2024, he finished a PhD in mathematics at the University of Paris 8, France. His research interests include security and cryptography, machine learning, and evolutionary computation.
To date, Stjepan has given more than 80 invited talks and published more than 200 refereed papers. He is a program committee member and reviewer for a number of conferences and journals and a member of several professional societies. His work has been featured in the mainstream media and on popular technology blogs. He is a member of ELLIS and a Fellow of the Young Academy of Europe.
Bart Preneel
KU Leuven
Bart Preneel received the Electr. Eng. and PhD degrees from the KU Leuven (Belgium). He is a Full Professor at the KU Leuven where he heads the COSIC Research Group. He was visiting professor at five universities in Europe. Bart has authored more than 200 scientific publications and is inventor of 2 patents. He has participated to more than 20 EU funded projects and has coordinated four of these including the EU NoE ECRYPT.
He has served as panel member and chair for the European Research Council. Since 1997 he is serving on the Board of Directors of the IACR (International Association for Cryptologic Research), from 2002-2007 as vice president and from 2008-2013 as president. He is a member of the Permanent Stakeholders group of ENISA and of the Academia Europaea. He has served on the Advisory Board of several companies and EU projects. He has served as Program Chair of 15 international conferences and he has been invited speaker at more than 90 conferences in 40 countries. In 2014, he received the RSA Award for Excellence in the Field of Mathematics.
Lea Schönherr
CISPA Helmholtz Center for Information Security
Lea Schönherr is a tenure-track faculty at the CISPA Helmholtz Center for Information Security, where she has led research in trustworthy AI systems since 2022. She received her PhD from Ruhr University Bochum in 2021 with a dissertation on adversarially robust speech and speaker recognition, supported by the DFG Cluster of Excellence CASA. After her PhD, she was a postdoctoral researcher at Ruhr University Bochum and CISPA, and a visiting researcher at the University of California, Berkeley, and the University of Chicago.
With her research group, she works on the security of AI systems, spanning LLMs and agentic pipelines, speech and audio models, code-generating models, preventing the misuse of generative AI, and the human factors involved in AI-driven threats. She also critically examines how AI security research itself is conducted. Her research covers both attacks and defenses, with the goal of building AI that is secure, safe, and reliable, such that trust emerges from understanding and transparency rather than blind reliance.
Shweta Shinde
ETH Zurich
Shweta Shinde is an Assistant Professor in the Department of Computer Science at ETH Zürich, where she leads the Secure & Trustworthy Systems (SECTRS) group. Her research focuses on building fundamentally secure large-scale systems. She has a track record of uncovering real-world vulnerabilities in confidential computing environments based on insights that emerge from the understanding gained through her work to secure them.
Her defensive research has translated into deployed solutions, with real-world impact extending well beyond the academic setting. Prior to joining ETH Zürich, she was a postdoctoral scholar at the University of California, Berkeley, and completed her PhD at the National University of Singapore.
Lichao Wu
University of Bristol
Lichao Wu is an Assistant Professor at the University of Bristol, where his research focuses on hardware security and AI security. Prior to joining Bristol, he was a postdoctoral researcher in the System Security Lab at TU Darmstadt, Germany, and a postdoctoral research fellow at Radboud University, the Netherlands.
His research explores AI-augmented physical and micro-architectural hardware security, as well as the security of AI systems. He has published extensively in leading security and cryptography venues, including USENIX Security, NDSS, ASIACRYPT, TCHES, and IEEE TDSC. His work has contributed to industry and public-sector security practices, including references in AIS 46 guidance published by the German Federal Office for Information Security (BSI). He has also contributed to multiple EU- and industry-funded research projects.
Sahar Abdelnabi
Sahar Abdelnabi is an AI security researcher at Microsoft. She completed her PhD at CISPA Helmholtz Center for Information Security, advised by Prof. Dr. Mario Fritz, and obtained her MSc degree at Saarland University.
She is interested in the broad intersection of machine learning with security, safety, and sociopolitical aspects. This includes the following areas: 1) Understanding, probing, and mitigating the failure modes of machine learning models, their biases, and their misuse scenarios. 2) How machine learning models could amplify or help counter existing societal and safety problems (e.g., misinformation, biases, stereotypes, cybersecurity risks, etc.). 3) Emergent safety challenges posed by new foundation and large language models.
(mobile) Sahar Abdelnabi
Sahar Abdelnabi is an AI security researcher at Microsoft. She completed her PhD at CISPA Helmholtz Center for Information Security, advised by Prof. Dr. Mario Fritz, and obtained her MSc degree at Saarland University.
She is interested in the broad intersection of machine learning with security, safety, and sociopolitical aspects. This includes the following areas: 1) Understanding, probing, and mitigating the failure modes of machine learning models, their biases, and their misuse scenarios. 2) How machine learning models could amplify or help counter existing societal and safety problems (e.g., misinformation, biases, stereotypes, cybersecurity risks, etc.). 3) Emergent safety challenges posed by new foundation and large language models.