Oct 22, 9:20 AM

What Does It Mean for Agentic AI to Preserve Privacy? Mapping the New Data Sinks and Leaks

  • 31st Floor, Sands Capital, 1000 Wilson Blvd #3000, Arlington VA

Speaker: Niloofar Mireshghallah, Incoming Assistant Professor, Carnegie Mellon University (EPP & LTI)/Research Scientist, FAIR

Abstract: GenAI is no longer confined to chat interfaces—it has evolved into autonomous agents that move data through tools, APIs, and multiple modalities, creating new "data sinks" where information quietly accumulates and new leak paths where it slips across contexts. In this talk, we begin by examining the sensitive data that users and professionals share with these systems, establishing the context of what's at stake. We then dissect current privacy and data risks that go beyond traditional verbatim memorization, analyzing policies from frontier labs and various industries that reveal deceptive practices and surprising gaps in consent mechanisms. We demonstrate how new features like persistent memories, automated workflows, and deep inference capabilities enable unprecedented surveillance and profiling of users. Despite these challenges, we present an optimistic path forward through practical approaches including data minimization, intentional friction in data collection, and computational offloading strategies that limit what models need to store. As these technologies become more broadly adopted, we acknowledge emerging threat surfaces—from behavioral manipulation through character training to context stealing and persuasion attacks. We conclude by exploring how these privacy risks will manifest in future systems like long-horizon agents, ambient AI, and robotics workflows, discussing the need for distributed training approaches, trusted execution environments, and new frameworks to navigate the evolving economics of data in agentic AI systems.

Oct 22, 10:30 AM

Adversarial Attacks and Model Safeguards for LLMs and VLMs

  • 31st Floor, Sands Capital, 1000 Wilson Blvd #3000, Arlington VA

About: This session focuses on research directly addressing the vulnerabilities, attack methods, and defensive strategies for Large Language Models (LLMs) and Visual Language Models (VLMs).

A Framework for Adaptive Multi-Turn Jailbreak Attacks on Large Language Models

Speaker: Javad Rafiei Asl

Author(s): Javad Rafiei Asl; Sidhant Narula; Mohammad Ghasemigol; Eduardo Blanco; Daniel Takabi

This paper introduces HarmNet, a modular framework designed to systematically construct, refine, and execute multi-turn jailbreak queries against LLMs, demonstrating significantly higher attack success rates compared to prior methods.

LLM Salting: From Rainbow Tables to Jailbreaks

Speaker: Tamás Vörös

Author(s): Tamás Vörös; Adarsh Kyadige

This work proposes LLM salting, a lightweight defense mechanism that rotates the internal refusal direction of LLMs, rendering previously effective jailbreak prompts (like GCG) ineffective without degrading model utility.

ShadowLogic: Hidden Backdoors in Any Whitebox LLM

Speaker: Amelia Kawasaki

Author(s): Amelia Kawasaki; Kasimir Schulz; Leo Ring

This paper unveils ShadowLogic, a method for injecting hidden backdoors into white-box LLMs by modifying their computational graphs. These backdoors are activated by a secret trigger phrase, allowing the model to generate uncensored responses and exposing a new class of graph-level vulnerabilities.

Text2VLM: Adapting Text-Only Datasets to Evaluate Alignment Training in Visual Language Models

Speaker: Jake Thomas

Author(s): Jake Thomas; Damian Ruck; Gabriel Downer; Sean Craven

This research presents Text2VLM, a novel pipeline that adapts text-only datasets into multimodal formats to evaluate the resilience of Visual Language Models (VLMs) against typographic prompt injection attacks. It highlights the increased susceptibility of VLMs when visual inputs are introduced.

Oct 22, 1:55 PM

AI/ML for Cyber Defense Agents & Reinforcement Learning

  • 31st Floor, Sands Capital, 1000 Wilson Blvd #3000, Arlington VA

About: This session explores the application of AI and Machine Learning, particularly agentic systems and reinforcement learning, to enhance active cyber defense and security operations.

Adaptive by Design: Contextual Reinforcement Learning for Mission-Ready Cyber Defence

Speaker: Jake Thomas

Author(s): Jake Thomas; Pranay Shah

This paper introduces a framework for applying Contextual Reinforcement Learning (cRL) to cyber defense, where agents dynamically incorporate contextual signals (like mission objectives or threat assessments) to modulate their policies in real-time without retraining.

Towards a Generalisable Cyber Defence Agent for Real-World Computer Networks

Speaker: Tim Dudman

Author(s): Tim Dudman

This work proposes Topological Extensions for Reinforcement Learning Agents (TERLA) to provide generalizability for cyber defense agents in networks of differing topology and size without the need for retraining. It evaluates performance in realistic simulation environments.

Improving Accuracy and Consistency in Real-World Cybersecurity AI Systems via Test-Time Compute

Speaker: Ashley Song

Author(s): Ashley Song; Hsin Chen; Shawn Davis; Dhruv Nandakumar

This study evaluates Test-Time Compute for improving the accuracy and consistency of real-world cybersecurity agentic systems, specifically a container vulnerability analysis agent and a server alert triage agent.

RIG-RAG: A GraphRAG Inspired Approach to Agentic Cloud Infrastructure

Speaker: Benji Lilley

Author(s): Benji Lilley; Brian Mitchell; Spiros Mancoridis

This paper introduces Relational Inference GraphRAG (RIG-RAG), an LLM-assisted pipeline that transforms cloud configuration data into a security-enriched knowledge graph to support natural-language reasoning about deployed infrastructure. This enhances agentic capabilities for cloud security operations.

Oct 23, 9:50 AM

The New Geopolitics of Technology

  • 31st Floor, Sands Capital, 1000 Wilson Blvd #3000, Arlington VA

Speaker: Nathaniel Fick, CEO/Investor/U.S. Ambassador/Marine/Author

After building the cybersecurity software company Endgame, Nate Fick served from 2022-2025 as the inaugural U.S. Ambassador for Cyberspace & Digital Policy at the Department of State, leading American diplomacy around the world on technology issues including cybersecurity, digital infrastructure, digital regulatory policy, and emerging technologies. From Kyiv to Beijing, and from Brussels to Delhi, he was on the frontlines of the competition to shape the 21st century -- a competition increasingly decided by key technologies. His keynote shares lessons relevant to citizens, investors, and company-builders alike.

Oct 23, 11:00 AM

Threat & Vulnerability Analysis

  • 31st Floor, Sands Capital, 1000 Wilson Blvd #3000, Arlington VA

About: This session focuses on diverse methods for identifying, analyzing, and understanding various types of cyber threats and vulnerabilities, ranging from malware and code flaws to social and financial fraud.

MADAR: Efficient Continual Learning for Malware Analysis with Diversity-Aware Replay

Speaker: Mohammad Saidur Rahman

Author(s): Mohammad Saidur Rahman; Scott Coull; Qi Yu; Matthew Wright

This study proposes MADAR, a Continual Learning (CL) framework for malware classification, which addresses catastrophic forgetting by incorporating diversity-aware replay. It demonstrates improved detection accuracy for both Windows and Android malware datasets.

Reason. Search. Retrieve. Repeat. Iterative Retrieval for Automating Vulnerable Code Discovery

Speaker: Supriti Vijay

Author(s): Supriti Vijay; Aman Priyanshu

This paper presents a multi-turn retrieval architecture for automating vulnerable code discovery, where models iteratively generate and refine search queries. It introduces a reinforcement learning environment and dataset for training such strategies.

Social Attack Surfaces: Emerging Cybersecurity Threats in Open Source Collaboration

Speaker: Christopher Honaker

Author(s): Christopher Honaker

This research examines social interactions in open-source code repositories using a biased BERTopic model to identify emerging cybersecurity threats (e.g., the XZ Utils backdoor) by prioritizing negative sentiment and cybersecurity keywords.

Adversarial Machine Learning Attacks on Financial Reporting via Maximum Violated Multi-Objective Attack

Speaker: Edward Raff

Author(s): Edward Raff; Karen Kukla; Michel Benaroch; Joseph Comprix

This work explores Adversarial Machine Learning (AML) attacks on financial reporting, demonstrating how bad actors can manipulate financial statements to inflate earnings and reduce fraud scores simultaneously, highlighting a critical information security vulnerability in financial systems.

Oct 23, 2:25 PM

ML for Enterprise Security Operations & Threat Intelligence

  • 31st Floor, Sands Capital, 1000 Wilson Blvd #3000, Arlington VA

About: This concluding session addresses practical, real-world applications of machine learning in Security Operations Centers (SOCs), focusing on detection frameworks, authentication security, and advanced threat intelligence.

Democratizing ML for Enterprise Security: A Self-Sustained Attack Detection Framework

Speaker: Sadegh Momeni

Author(s): Sadegh Momeni; Ge Zhang; Birkett Huber; Hamza Harkous; Sam Lipton; Benoit Seguin; Yanis Pavlidis

This paper proposes a two-stage hybrid framework for ML-based threat detection in enterprise security, combining loose YARA rules with an ML classifier and leveraging synthetic data generation (Simula) and active learning to achieve a self-sustained, low-overhead solution for SOCs.

Evaluating Risk-Based Authentication Effectiveness in Production 2FA Systems

Speaker: Steven Leung

Author(s): Steven Leung

This study provides the first large-scale empirical evaluation of Risk-Based Authentication (RBA) effectiveness in production two-factor authentication (2FA) systems against real-world opportunistic, targeted, and advanced attacks. It demonstrates how heuristic and anomaly detection methods improve security while maintaining user experience.

LLM ATT&CK Navigator: Mapping Observed Generative Adversarial Techniques Across the Cyber Killchain

Speaker: Kyla Guru

Author(s): Kyla Guru; Alex Moix

This work introduces the LLM ATT&CK Navigator, an interactive tool that maps real-world instances of AI-enabled misuse onto the MITRE ATT&CK Killchain and calculates enablement risks. This provides actionable insights into current adversarial tactics for defensive prioritization.

Oct 23, 4:00 PM

Poster Session / Happy Hour

  • 32nd Floor, Sands Capital, 1000 Wilson Blvd #3000, Arlington VA

CAMLIS Posters

  1. A Platform for Rapidly Developing and Deploying Protection Against Large Language Models Attacks

    Presenter: Konstantin Berlin

  2. Accelerating Cyber Defense with Applied Open-Weight LLMs

    Presenter: Ryan Fetterman

  3. Anomaly Detection Betrayed Us, so We Gave It a New Job: Enhancing Command-Line Classification with Benign Anomalous Data

    Presenter: Ben Gelman

  4. Base Rate Measurement and Precision Forecasting

    Presenter: Michael Slawinski

  5. Benchmarking Agentic LLMs for Vulnerability Management: Exposing and Mitigating Situational Awareness Bias

    Presenter: Dmitrijs Trizna

  6. Causal Reinforcement Learning for Labelling Optimization in Cyber Anomaly Detection

    Presenter: Susan Babirye

  7. Dynamic Graph Structure for Tracking Cluster Evolution and LLM Summarization

    Presenter: Michael Slawinski

  8. Evaluating LLM Generated Detection Rules in Cybersecurity

    Presenter: Anna Bertiger

  9. Glass-box triage: An explainable-by-design LLM-ML-Human framework for high scale production threat detection

    Presenter: Caleb Fogleman

  10. Harnessing Large Language Models for Detection of AI Generated Attacks

    Presenter: Abhishek Singh

  11. Mutually-exciting point processes and topic modelling of honeypot computer terminal data

    Presenter: Daniyar Ghani

  12. Offensive Security for AI Systems: Concepts, Practices, and Applications

    Presenter: Josh Harguess

  13. PentestJudge: Autonomous Process Evaluation for AI Security Agents

    Presenter: Shane Caldwell

  14. RADAR: Open-Source Detection of Agentic Deception and Alignment Risk in LLMs

    Presenter: Edward Joseph

  15. RoleSentry: A Multi-Stage Framework for Explainable Detection of AWS Role Chaining Attacks

    Presenter: Godwin Attigah

CAMLIS Red Posters

  1. Ask What Your Country Can Do For You: Towards a Public Red Teaming Model

    Presenter: Wm. Matthew Kennedy

  2. Detecting Complex Vulnerabilities in Real-World Code - New Benchmark for Enhanced Software Security

    Presenter: Klaudia Kloc

  3. LLM backdoor poisoning: attacks and detections

    Presenter: Nir Rosen

Oct 24, 9:15 AM

Operational Tools for AI Security

  • 31st Floor, Sands Capital, 1000 Wilson Blvd #3000, Arlington VA

Attack Surfaces in Computer Use Agents: A Practical Taxonomy

Speaker: Daniel Jones

Author(s): Daniel Jones; Giorgio Severi; Martin Pouliot; Gary Lopez; Joris de Gruyter; Santiago Zanella-Beguelin; Justin Song; Blake Bullwinkel; Pamela Cortez; Amanda Minnich

Accelerating AI red teaming operations with the Python Risk Identification Tool (PyRIT)

Speaker: Nina Chikanov

Author(s): Nina Chikanov

BlackIce: A Containerized Red Teaming Toolkit for AI Security Testing

Speaker: Caelin Kaplan

Author(s): Alexander Warnecke; Caelin Kaplan

An Agent-Based Framework for Adversarial Simulation and Blue Teaming

Speaker: Gary Lopez Munoz

Author(s): Gary Lopez Munoz; Mauricio Velazco; Manuel Meléndez

Oct 24, 12:40 PM

Emerging Risks and Defenses in AI Systems

  • 31st Floor, Sands Capital, 1000 Wilson Blvd #3000, Arlington VA

ScamAgents: How AI Agents Can Simulate Human-Level Scam Calls

Speaker: Sanket Badhe

Author(s): Sanket Badhe

Importing Phantoms: Measuring LLM Package Hallucination Vulnerabilities

Speaker: Arjun Krishna

Author(s): Arjun Krishna

PD-AutoR: Towards Automatic Restoration of Poisoned Examples in Machine Learning

Speaker: Xinyu Lei

Author(s): Haoyang Chen; Xu Zhou; Ziao Jiao; Xinyu Lei

Red Teaming AI Red Teaming

Speaker: Subhabrata Majumdar

Author(s): Subhabrata Majumdar; Brian Pendleton; Abhishek Gupta
