5th International Workshop on
Designing and Measuring Security in Systems with AI
July 10th, 2026 — Lisbon
co-located with the 11th IEEE European Symposium on Security and Privacy (EuroS&P 2026)

Program

09:00 – 09:30 Posters' installation
09:30 – 09:45 Chairs' welcome
09:45 – 10:30 Invited Talk 1
Vera Rimmer
Research Expert @ DistriNet, KU Leuven (Belgium)
10:30 – 11:00 Coffee Break
11:00 – 12:30 Contributed Talks 1–4
  1. Philipp Normann, Andreas Happe, Jürgen Cito and Daniel Arp. — Post-Training Local LLM Agents for Linux Privilege Escalation with Verifiable Rewards
  2. Ryutaro Nishizaka, Yudai Fujiwara and Yuichi Sugiyama. — How Far Can LLM Agents Go in Binary Exploitation? A CTF-Based Evaluation
  3. Tsunato Nakai, Shoei Nashimoto, Shun Hinatsu, Kento Oonishi and Takuya Higashi. — Measuring Cognitive Biases in Security-Trained LLMs with Attacker-Native Decision Tasks for Proactive Cyber Defense
  4. Nelli Zurabyan, Chaomeng Lu and Bert Lagaisse. — A Comparative Analysis of Vulnerability Management in Machine Learning Projects
12:30 – 13:30 Lunch Break
13:30 – 14:15 Invited Talk 2
Adriana Sejfia
Assistant Professor @ University of Edinburgh (UK)
14:15 – 15:00 Contributed Talks 5–6
  1. Youness Bouchari, Matteo Boffa, Idilio Drago, Marco Mellia, Thanh Minh Bui and Dario Rossi. — Autonomous LLM Agents & CTFs: A Second Look
  2. Tim Van Hamme, Thomas Vissers, Javier Carnerero-Cano, Mario Fritz, Emil C. Lupu, Lieven Desmet and Dinil Mon Divakaran. — MATRA: Modeling the Attack Surface of Agentic AI Systems - OpenClaw Case Study
15:00 – 15:30 Coffee Break
15:30 – 16:30 Poster Session
  1. Pin-Chieh Huang and Chun-Ming Lai. — Action-Centric Vulnerability Remediation under Operational Constraints: Overlap-Aware Optimization with LLM-Assisted Calibration
  2. Subrat Swain, Vikas Maurya, Vireshwar Kumar and Dongseong Kim. — G2AP: Gradient-Guided Adversarial Perturbation in Network Security
  3. Valère Billaud, Paul Temple, Olivier Zendra, Tania Richmond and Olivier Barais. — Are LLMs good at generating secure code? An exploratory study
  4. Tatsuya Sakagami, Masashi Hisai and Naoto Yanai. — Does LLM Make Neural Distinguishers Wise?
16:30 – 17:30 Panel Discussion
  • Vera Rimmer, Research Expert @ DistriNet, KU Leuven (Belgium)
  • Adriana Sejfia, Assistant Professor @ University of Edinburgh (UK)
  • Mehdi Mirakhorli, Associate Professor @ University of Hawaii (US)
  • Dimitri Van Landuyt, Associate Professor @ KU Leuven (Belgium)
  • Maria Méndez Real, Associate Professor @ University of South Brittany (France)
  • Luca Demetrio, Assistant Professor @ University of Genoa (Italy)
17:30 Closing

Call for Papers

  • Submission site. The submission site for DeMeSSAI 2026 is https://easychair.org/conferences?conf=demessai2026.

  • Important dates. All deadlines are Anywhere on Earth (AoE = UTC-12h):

    • Workshop paper submission: March 19, 2026
    • Workshop acceptance notification: April 19th, 2026
  • Scope of papers. We invite the following types of papers (page limits exclude well-marked references and appendix):

    • Extended abstracts for a poster session (maximum of 2 pages) that describe ongoing ideas and work in progress and would benefit from quick feedback from the research community.
    • Original research papers (maximum of 6 pages) that describe novel contributions, report on experimental results, or present industry experiences such as case or field studies.
    • Position and open problem papers (maximum of 6 pages) discussing promising preliminary experimental results, approaches, ideas, or challenging issues for application in industry; future perspectives and roadmap papers; and “Systematization of knowledge” papers which provide a comprehensive view of the state-of-the-art on the workshop topics.
  • Handling the use of generative AI. Since there will be no formal workshop proceedings and the focus is placed on research talks, we see a low risk of AI-generated submissions. Should the organizers or the PC encounter any suspicious submissions, they will be rejected. The organizers will oversee the review process and ensure high-quality feedback is provided by all reviewers. If an author or co-reviewer reports a suspicious review, one of the workshop chairs will check the review in question and, if needed, provide an additional review.

  • Paper topics. Topics of interest include, but are not limited to, the following areas:

    (a) Applications of AI for enhancing security

    • AI for security requirements engineering, secure coding and application security guidelines
    • AI for assessing security design and threat modeling documents, and planned mitigations
    • AI for aiding security code review, securing source code, and processing documentation
    • AI for SAST, DAST, penetration testing, application and container security testing
    • AI for incident response planning and execution

    (b) Modeling security for AI-augmented systems

    • Approaches to secure software architecture
    • Security risk assessment and analysis
    • Security risk management
    • Threat, attack, intrusion and defense modeling
    • Challenges with modeling or integrating legacy systems with AI components

    (c) Enforcing security for AI-augmented systems

    • Preventing AI misuse and AI benchmarking
    • Enforcing security between design and implementation
    • Enforcing security between implementation and runtime
    • Developing attacks and defenses

    (d) Measuring security for AI-augmented systems

    • Metrics and measurement approaches
    • Security, trust and privacy metrics
    • Measurement systems and associated data gathering
    • Security trade-off analyses
    • Assurance and security certification methods
    • Devtime and runtime security measurements
    • Visualization approaches for security measurements
    • Human aspects and diversity effects

Committee

Workshop Chairs

Steering Committee

Program Committee

  • David Pape (CISPA)
  • Denis Trcek (University of Ljubljana)
  • Dimitri Van Landuyt (KU Leuven)
  • Elena Lisova (MDU, VCE)
  • Emanuele Iannone (Hamburg University of Technology)
  • Giorgio Piras (University of Cagliari)
  • Julien Francq (Naval Group)
  • Mengyuan Zhang (Vrije Universiteit Amsterdam)
  • Muhammad Ali Babar (The University of Adelaide)
  • Phu Nguyen (SINTEF)
  • Riccardo Scandariato (Hamburg University of Technology)
  • Simon Schneider (Hamburg University of Technology)
  • Stjepan Picek (Radboud University)
  • Sven Peldszus (Ruhr University Bochum)
  • Tong Li (Beijing University of Technology)
  • Vianney Lapôtre (Université de Bretagne-Sud)