Even Homer sometimes nods. I chose this article for two key reasons. First, it shows that phishing isn’t just a threat to non-technical users—even seasoned IT professionals can fall victim, despite using multi-factor authentication (MFA). Second, this incident was part of a larger supply chain attack with potentially catastrophic consequences. The takeaway? Think a thousand (…)
I find this article interesting because it highlights the tension between digital sovereignty and the expansion of global technology. With 75% market penetration compared to the single-digit presence of US alternatives, Pix demonstrates how public digital goods can effectively challenge the dominance of Big Tech. This case raises the question of whether payment systems constitute (…)
This article talks about deepening digital estrangement, digital intrusion, and digital distraction from the perspective of a teacher who has seen the harm that overreliance on AI has caused to her students’ educational attainment. Hers is another testimony to the need for the definition of responsible and trustworthy AI to include when it should be (…)
Semiconductors power nearly all modern devices, so controlling their production is strategically crucial. By revoking TSMC’s authorization to export advanced US chipmaking tools to China, the US hinders China’s ability to produce state-of-the-art chips (though TSMC only makes less advanced chips there). While this may curb China’s capacities in the short run, in the long-term, (…)
Using the infamous example of the backdoor in the xz library, this piece astutely dissects the systematic failure of the software economy to properly support open-source software development, leaving our so-called software ‘supply’ chain vulnerable to attacks. I agree wholeheartedly with the author that if we do not stop treating open-source software as a free (…)
While public LLM APIs are convenient, they store all queries on providers’ servers. Running open LLMs locally offers privacy and offline access, though setup can be challenging depending on hardware and model requirements. ‘Anyway’ addresses this by distributing queries across multiple GPUs with dynamic scaling. Prof. Guerraoui works on fault tolerance in distributed systems. This (…)
I follow the advances of quantum computers with great interest, mainly because I’m curious when, or if, they will ever be able to break current cryptography algorithms. The holy grail of the algorithms is called ‘Shor’s algorithm’, which can factorize numbers quickly. Already in 2001, a quantum computer factorized 15! Yet since then, no quantum (…)
I particularly enjoyed this article because it challenges today’s automation-at-all-costs mindset, urging us to prioritize human-AI collaboration over replacement, with the goal that AI plus human expertise exceeds what AI can achieve alone. Learning when to collaborate versus automate is vital for more trustworthy and effective outcomes.
A successful—and almost uplifting—example of collaboration across law enforcement, government agencies, and businesses against cybercrime is exemplified by the Cybercrime Atlas project. In a sweeping INTERPOL-coordinated operation, authorities across Africa arrested 1,209 cybercriminals who targeted nearly 88,000 victims. The crackdown recovered USD 97.4 million and dismantled 11,432 malicious infrastructures. This operation demonstrates how cross-border collaboration (…)
Whether you’re for or against the proposed E-ID, a public discussion is the healthiest if it is founded on factually correct arguments. While this piece is clearly opinionated, it also tries to examine the main arguments from the opposition as neutrally as possible, and provides a good explanation and discussion for each of them, pointing (…)
The Israeli airstrike campaign against Iranian military and cyber infrastructure on 12 June had an ‘interesting’ side effect. Accounts that had previously been identified as allegedly being managed by the Iranian Revolutionary Guard Corps (IRGC) and that promoted Scottish independence fell silent following the strikes. This resulted in a 4% reduction in all discussion related (…)
A secure and reliable electronic identity (e-ID) is both a challenge and a crucial issue in today’s digital landscape. EPFL and SICPA are joining forces to design an innovative system of cryptographic algorithms.
To promote research and education in cyber-defence, EPFL and the Cyber-Defence (CYD) Campus launched a rolling call for Master Thesis Fellowships – A Talent Program for Cyber-Defence Research.
This month we introduce you to Hamza Abid, a CYD Master Thesis Fellowship recipient, who is finishing up his Master Thesis in the Laboratory of Sensing and Networking Systems at EPFL.
This article prompts reflection on what we mean by ‘trust’ when we talk about ‘trustworthy’ AI. There are many dimensions to trust, and the author helpfully breaks them down. In human-AI interactions, misalignments can occur when stakeholders interpret ‘trust’ differently. For example, companies might emphasize the epistemic aspect—reliance on knowledge and its acquisition—of trust, while (…)
It often appears as if disinformation was spread by a large number of social media users. However, research suggests that it is a comparatively small percentage of the users that is primarily responsible for creating and widely sharing divisive content, with these voices being amplified by the platforms’ algorithms. As bleak as this may be, (…)
An impressively large line-up of AI leaders and experts are advocating for more research into ‘chain-of-thought’ (CoT) monitoring of reasoning models. This technique, as the name implies, aims to understand how AI reasoning models work. It could become a key method for understanding how AI agents think and what their goals are, and could enhance (…)
With all the hype around agentic AI, the industry is rushing to embrace it. However, alarm bells have been sounded again and again concerning misaligned behaviour of LLMs and Large Reasoning Models (LRMs), ranging from ‘harmless’ misinformation to deliberately malicious actions. This raises serious questions whether the current technology is really mature enough to be (…)
A must-attend event in Switzerland, the Black Alps conference is a hot spot for cybersecurity professionals and enthusiasts. The event allows you to discuss the latest threats, mitigations and advances in cybersecurity. The 2-day and 2-night program includes a variety of keynotes and technical talks, networking dinners and an ethical hacking contest (CTF). #BlackAlps25
From a cryptographer’s point of view, the big breakthrough in quantum computing would be if it can successfully factorize numbers in the 1000-digit range. As it turns out, this is actually quite difficult. The record from 2012 of factorizing the number 21 is still unbeaten! And all reports of factorizing bigger numbers used very, very (…)
A lot of cryptographic proofs rely on something called the ‘random oracle model’ and the ‘Fiat-Shamir transformation’. Together, they can create a mathematical proof of the security of a specific zero knowledge protocol. However, the random oracle model is never used – in real algorithms, it is replaced by a hash function. What can go (…)
As a software engineer, I’m looking at LLMs both as a tool for, but potentially also a danger to, my job: will it replace me one day? In this study, they measured the time that seasoned software needed to fix a bug, both with and without the aid of LLMs. The outcome in this specific (…)
This full-day conference explores the potential disruptions caused by the rise of AI agents and their impact on existing systems and structures. Bringing together industry leaders, researchers, policymakers, and stakeholders, the event will facilitate in-depth discussions on the challenges and opportunities presented by AI agents. Participants will assess the risks, examine strategies to mitigate emerging threats, and collaborate on establishing resilient frameworks for responsible innovation.
This event is organized by the Center for Digital Trust (C4DT) at EPFL.
The Center for Digital Trust hosted a successful workshop on Privacy-Preserving eID last week. We welcomed 14 participants from seven partner organizations including Be-Ys, ELCA, FOITT, Kudelski, SICPA, Swiss Post/SwissSign, and Swisscom. The day-long event combined theoretical foundations with hands-on technical demonstrations. Our focus centered on swiyu, Switzerland’s proposed eID project developed by FOITT, (…)
This article highlights the alarming reliance of critical infrastructure on outdated technology, exposing significant vulnerabilities in essential systems. The need for uninterrupted operation and compatibility requirements presents major challenges to the modernization of these legacy systems, and the costs to upgrade are steep. Yet the potential for catastrophic failure due to obsolete equipment underscores the (…)
