CAMLIS 2025
DAY ONE
Keynote: What Does It Mean for Agentic AI to Preserve Privacy? Mapping the New Data Sinks and Leaks
Generative AI has rapidly evolved beyond simple chat interfaces into autonomous agents that move data across tools, APIs, and platforms—creating new pathways for information to accumulate, persist, and leak across contexts.
This talk explores the sensitive data users and professionals share with AI systems and examines the expanding privacy risks that go far beyond traditional concerns like verbatim memorization. We analyze emerging practices across leading AI labs and industries, highlighting gaps in transparency, consent, and data governance. New capabilities—such as persistent memory, automated workflows, and deep inference—are enabling powerful functionality, but also unprecedented surveillance and user profiling.
Despite these challenges, we outline a practical path forward. Strategies like data minimization, intentional friction in data collection, and computational offloading can meaningfully reduce risk while preserving innovation. We also explore emerging threat surfaces, including behavioral manipulation, context theft, and persuasion attacks, and consider how these risks will scale in future systems such as long-horizon agents, ambient AI, and robotics workflows.
As agentic AI reshapes the economics of data, this session offers a forward-looking framework for building more trustworthy, privacy-preserving systems.
Niloofar Mireshghallah
Incoming Assistant Professor, Carnegie Mellon University (EPP & LTI)/Research Scientist, FAIR
-
Speaker: Javad Rafiei Asl
Author(s): Javad Rafiei Asl; Sidhant Narula; Mohammad Ghasemigol; Eduardo Blanco; Daniel Takabi
A Framework for Adaptive Multi-Turn Jailbreak Attacks on Large Language Models
Abstract: This paper introduces HarmNet, a modular framework designed to systematically construct, refine, and execute multi-turn jailbreak queries against LLMs, demonstrating significantly higher attack success rates compared to prior methods.
-
Speaker: Tamás Vörös
Author(s): Tamás Vörös; Adarsh Kyadige
Abstract: This work proposes LLM salting, a lightweight defense mechanism that rotates the internal refusal direction of LLMs, rendering previously effective jailbreak prompts (like GCG) ineffective without degrading model utility.
-
Speaker: Amelia Kawasaki
Author(s): Amelia Kawasaki; Kasimir Schulz; Leo Ring
Abstract: This paper unveils ShadowLogic, a method for injecting hidden backdoors into white-box LLMs by modifying their computational graphs. These backdoors are activated by a secret trigger phrase, allowing the model to generate uncensored responses and exposing a new class of graph-level vulnerabilities.
-
Speaker: Jake Thomas
Author(s): Jake Thomas; Damian Ruck; Gabriel Downer; Sean Craven
Abstract: This research presents Text2VLM, a novel pipeline that adapts text-only datasets into multimodal formats to evaluate the resilience of Visual Language Models (VLMs) against typographic prompt injection attacks. It highlights the increased susceptibility of VLMs when visual inputs are introduced.
-
Speaker: Tim Dudman
Author(s): Tim Dudman
Abstract: This work proposes Topological Extensions for Reinforcement Learning Agents (TERLA) to provide generalizability for cyber defense agents in networks of differing topology and size without the need for retraining. It evaluates performance in realistic simulation environments.
-
Speaker: Ashley Song
Author(s): Ashley Song; Hsin Chen; Shawn Davis; Dhruv Nandakumar
Abstract: This study evaluates Test-Time Compute for improving the accuracy and consistency of real-world cybersecurity agentic systems, specifically a container vulnerability analysis agent and a server alert triage agent.
-
Speaker: Benji Lilley
Author(s): Benji Lilley; Brian Mitchell; Spiros Mancoridis
Abstract: This paper introduces Relational Inference GraphRAG (RIG-RAG), an LLM-assisted pipeline that transforms cloud configuration data into a security-enriched knowledge graph to support natural-language reasoning about deployed infrastructure. This enhances agentic capabilities for cloud security operations.
DAY TWO
Keynote
After building the cybersecurity software company Endgame, Nate Fick served from 2022-2025 as the inaugural U.S. Ambassador for Cyberspace & Digital Policy at the Department of State, leading American diplomacy around the world on technology issues including cybersecurity, digital infrastructure, digital regulatory policy, and emerging technologies.
From Kyiv to Beijing, and from Brussels to Delhi, he was on the frontlines of the competition to shape the 21st century, a competition increasingly decided by key technologies. His keynote shares lessons relevant to citizens, investors, and company-builders alike.
Nathaniel Fick
CEO/Investor/U.S. Ambassador/Marine/Author
-
Speaker: Mohammad Saidur Rahman
Author(s): Mohammad Saidur Rahman; Scott Coull; Qi Yu; Matthew Wright
Abstract: This study proposes MADAR, a Continual Learning (CL) framework for malware classification, which addresses catastrophic forgetting by incorporating diversity-aware replay. It demonstrates improved detection accuracy for both Windows and Android malware datasets.
-
Speaker: Supriti Vijay
Author(s): Supriti Vijay; Aman Priyanshu
Abstract: This paper presents a multi-turn retrieval architecture for automating vulnerable code discovery, where models iteratively generate and refine search queries. It introduces a reinforcement learning environment and dataset for training such strategies.
-
Speaker: Christopher Honaker
Author(s): Christopher Honaker
Abstract: This research examines social interactions in open-source code repositories using a biased BERTopic model to identify emerging cybersecurity threats (e.g., the XZ Utils backdoor) by prioritizing negative sentiment and cybersecurity keywords.
-
Speaker: Edward Raff
Author(s): Edward Raff; Karen Kukla; Michel Benaroch; Joseph Comprix
Abstract: This work explores Adversarial Machine Learning (AML) attacks on financial reporting, demonstrating how bad actors can manipulate financial statements to inflate earnings and reduce fraud scores simultaneously, highlighting a critical information security vulnerability in financial systems.
-
Speaker: Sadegh Momeni
Author(s): Sadegh Momeni; Ge Zhang; Birkett Huber; Hamza Harkous; Sam Lipton; Benoit Seguin; Yanis Pavlidis
Abstract: This paper proposes a two-stage hybrid framework for ML-based threat detection in enterprise security, combining loose YARA rules with an ML classifier and leveraging synthetic data generation (Simula) and active learning to achieve a self-sustained, low-overhead solution for SOCs.
-
Speaker: Steven Leung
Author(s): Steven Leung
Abstract: This study provides the first large-scale empirical evaluation of Risk-Based Authentication (RBA) effectiveness in production two-factor authentication (2FA) systems against real-world opportunistic, targeted, and advanced attacks. It demonstrates how heuristic and anomaly detection methods improve security while maintaining user experience.
-
Speaker: Daniel Jones
Author(s): Daniel Jones; Giorgio Severi; Martin Pouliot; Gary Lopez; Joris de Gruyter; Santiago Zanella-Beguelin; Justin Song; Blake Bullwinkel; Pamela Cortez; Amanda Minnich
-
Speaker: Gary Lopez Munoz
Author(s): Gary Lopez Munoz; Mauricio Velazco; Manuel Meléndez
-
Speaker: Arjun Krishna
Author(s): Arjun Krishna; Erick Galinkin; Leon Derczynski; Jeffrey Martin
-
Speaker: Subhabrata Majumdar
Author(s): Subhabrata Majumdar; Brian Pendleton; Abhishek Gupta
Additional Content
-
A Platform for Rapidly Developing and Deploying Protection Against Large Language Models Attacks
Presenter: Konstantin Berlin
Accelerating Cyber Defense with Applied Open-Weight LLMs (pdf)
Presenter: Ryan Fetterman
Anomaly Detection Betrayed Us, so We Gave It a New Job: Enhancing Command-Line Classification with Benign Anomalous Data
Presenter: Ben Gelman
Base Rate Measurement and Precision Forecasting (pdf)
Presenter: Michael Slawinski
Benchmarking Agentic LLMs for Vulnerability Management: Exposing and Mitigating Situational Awareness Bias
Presenter: Dmitrijs Trizna
Causal Reinforcement Learning for Labelling Optimization in Cyber Anomaly Detection (pdf)
Presenter: Susan Babirye
Dynamic Graph Structure for Tracking Cluster Evolution and LLM Summarization (pdf)
Presenter: Michael Slawinski
Evaluating LLM Generated Detection Rules in Cybersecurity
Presenter: Anna Bertiger
Glass-box triage: An explainable-by-design LLM-ML-Human framework for high scale production threat detection
Presenter: Caleb Fogleman
Harnessing Large Language Models for Detection of AI Generated Attacks (pdf)
Presenter: Abhishek Singh
Interpretable attack pattern detection and IP grouping using honeypot data (pdf)
Presenter: Daniyar Ghani
Offensive Security for AI Systems: Concepts, Practices, and Applications (pdf)
Presenter: Josh Harguess
PentestJudge: Autonomous Process Evaluation for AI Security Agents (pdf)
Presenter: Shane Caldwell
SemFire: A Semantic Firewall for Injection Safety and Deception Detection (pdf)
Presenter: Edward Joseph
RoleSentry: A Multi-Stage Framework for Explainable Detection of AWS Role Chaining Attacks
Presenter: Godwin Attigah
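The RoleSentry entry above only gives a title, so as an added illustration (not RoleSentry's code, whose approach the program does not describe) the following Python shows what "role chaining" looks like in CloudTrail and how a detector can reconstruct and explain a chain: each sts:AssumeRole event records the calling principal in userIdentity.arn and the new session in responseElements.assumedRoleUser.arn, so linking a caller that is itself an assumed-role session to the session it creates yields the chain. The event sample is constructed (account ID, user and role names are made up), and the one-hop threshold for what counts as chaining is an assumption a team would tune.

```python
"""Reconstruct and flag AWS role chains from CloudTrail AssumeRole events.

Added example, not RoleSentry's code. Field names follow the CloudTrail
layout for sts:AssumeRole events; the sample events and the max_hops
threshold are assumptions for illustration.
"""
import json

ACCT = "111122223333"  # constructed account ID

# Constructed sample: alice assumes RoleA, that session assumes RoleB, and
# that session assumes RoleC (a three-hop chain). bob's single assumption and
# a GetCallerIdentity call are included so the filter has something to skip.
def _assume_role(t, caller_type, caller_arn, role, session):
    return {
        "eventTime": t,
        "eventSource": "sts.amazonaws.com",
        "eventName": "AssumeRole",
        "userIdentity": {"type": caller_type, "arn": caller_arn},
        "requestParameters": {"roleArn": f"arn:aws:iam::{ACCT}:role/{role}",
                              "roleSessionName": session},
        "responseElements": {"assumedRoleUser": {
            "arn": f"arn:aws:sts::{ACCT}:assumed-role/{role}/{session}"}},
    }

SAMPLE_CLOUDTRAIL = [
    _assume_role("2025-10-01T12:00:01Z", "IAMUser",
                 f"arn:aws:iam::{ACCT}:user/alice", "RoleA", "alice"),
    _assume_role("2025-10-01T12:00:05Z", "AssumedRole",
                 f"arn:aws:sts::{ACCT}:assumed-role/RoleA/alice", "RoleB", "alice"),
    {"eventTime": "2025-10-01T12:00:06Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity",
     "userIdentity": {"type": "AssumedRole",
                      "arn": f"arn:aws:sts::{ACCT}:assumed-role/RoleB/alice"}},
    _assume_role("2025-10-01T12:00:09Z", "AssumedRole",
                 f"arn:aws:sts::{ACCT}:assumed-role/RoleB/alice", "RoleC", "alice"),
    _assume_role("2025-10-01T12:01:00Z", "IAMUser",
                 f"arn:aws:iam::{ACCT}:user/bob", "RoleX", "bob"),
]


def assume_role_events(events):
    """Keep only sts:AssumeRole events, oldest first (chain building is order-dependent)."""
    keep = [e for e in events
            if e.get("eventSource") == "sts.amazonaws.com"
            and e.get("eventName") == "AssumeRole"]
    return sorted(keep, key=lambda e: e["eventTime"])


def build_session_chains(events):
    """Map each assumed-role session ARN to the list of principals that led to it."""
    chains = {}
    for e in assume_role_events(events):
        caller = e["userIdentity"]["arn"]
        new_session = e["responseElements"]["assumedRoleUser"]["arn"]
        # If the caller is itself a session we saw created, extend its chain;
        # otherwise the chain starts at the caller (user, federated identity, ...).
        chains[new_session] = chains.get(caller, [caller]) + [new_session]
    return chains


def role_name(arn):
    """'...:assumed-role/RoleA/alice' -> 'RoleA'; other ARNs keep their resource part."""
    resource = arn.split(":", 5)[5]
    if resource.startswith("assumed-role/"):
        return resource.split("/")[1]
    return resource


def find_role_chaining(events, max_hops=1):
    """Report each terminal session whose chain exceeds max_hops AssumeRole calls.

    Intermediate sessions are not reported separately, so one chain yields one
    finding whose path explains every hop.
    """
    callers = {e["userIdentity"]["arn"] for e in assume_role_events(events)}
    findings = []
    for session, chain in build_session_chains(events).items():
        hops = len(chain) - 1
        if hops > max_hops and session not in callers:
            findings.append({"session": session, "hops": hops,
                             "path": [role_name(a) for a in chain]})
    return sorted(findings, key=lambda f: f["hops"], reverse=True)


if __name__ == "__main__":
    print(json.dumps(find_role_chaining(SAMPLE_CLOUDTRAIL), indent=2))
```

Linking on the session ARN is enough for this sample but is ambiguous in production, where the same role/session name can be reused; a real detector should key on the access key ID (responseElements.credentials.accessKeyId on the creating event, userIdentity.accessKeyId on later calls) and bound the lookup window, since chained sessions are limited to one hour.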
-
Ask What Your Country Can Do For You: Towards a Public Red Teaming Model
Presenter: Wm. Matthew Kennedy
Detecting Complex Vulnerabilities in Real-World Code - New Benchmark for Enhanced Software Security
Presenter: Klaudia Kloc
LLM backdoor poisoning: attacks and detections (pdf)
Presenter: Nir Rosen