Companies are taking advantage of the digital world to keep control over physical devices, even after you buy them. The latest licensing terms of the Nintendo Switch 2 contains wording that allows the company to permanently disable the console if it determines you’ve violated their terms. This highlights a serious trust concern: even after paying (…)
The NSCS has released an excellent overview of advanced cryptographic techniques and their potential applications. It wisely points out that while these new methods (e.g., homomorphic encryption, multiparty computation or zero-knowledge proofs) provide unique data-processing functionalities to solve certain privacy and trust problems, they come with significant trade-offs in performance, complexity and maturity. To guide (…)
The Research Institute (SuRI) is an annual event that takes place at the School of Computer and Communication Sciences of the École polytechnique fédérale de Lausanne, Switzerland. The workshop brings together researchers and experts from academia and industry for research talks and informal discussions.
Interested in this training? Reach out to us to discuss Teaser Step into the future of digital identity with our immersive training, “SWIYU Integration – Privacy-Preserving Solutions for the Swiss eID.”Tailored for engineers, this course provides a comprehensive exploration of the Swiss eID system, offering an in-depth understanding of its authentication protocols, security measures, and (…)
Interested in this training? Reach out to us to discuss Teaser Unlock the potential of AI agents with our course, “AI Agents Unveiled: Myth, Reality, and Trust.” Designed specifically for decision makers, this 2.75-hour program provides a clear and comprehensive overview of AI agents, their functionalities, and their impact. You’ll gain insights into the operational (…)
I like this insight into how a cybersecurity company works to defend against adversaries trying to infiltrate them. According to this article, one of the most important attack vectors is job applicants who want to infiltrate the company. Which of course makes sense, now that other attacks become more difficult, going back to the good (…)
Large language models (LLMs) are trained on huge amounts of data, but companies rarely explain exactly what data they use. This makes it hard to trust these models, since bad data can lead to wrong answers. There’s also a legal problem: Is it allowed to use free online content (like books or articles) for training, (…)
This article reveals how North Korean agents are finding jobs in IT by exploiting remote working opportunities and AI-powered interviews. This combination of espionage and “legitimate” job hunting creates a worrying new security challenge, as companies cannot verify who they are actually hiring. This sophisticated operation illustrates the evolution of cybersecurity threats, which are no (…)
I don’t mind if my AI keeps a memory of my inquiries during a given application session; in fact, it is more convenient if I work on something consecutively. However, long-term memory functions are very disconcerting. In the case of Meta, I am also troubled that it requires a Meta-associated account for its AI use, (…)
Regulations are only effective when properly enforced. Following the introduction of numerous digital regulations in recent years, it is now high time to focus on their effective implementation and enforcement. The Digital Markets Act (DMA) seeks to promote fair competition by protecting smaller businesses from potential abuses by dominant market players. However, its enforcement will (…)
Aiming to provide detailed knowledge and hands-on experience, the participants of the CYRENZH Summer School 2025 are going to understand in-depth and apply interdisciplinary research methods (e.g. mixed-methods approaches, the use of AI in research) from the field of Social Sciences, but also with inputs from Computer Science. Further, this summer school is supplemented with an emphasis on transdisciplinary topics such as communication skills, ethical considerations, and collaborations with industry.
November 19th, 2025, 09h30-17h30, Starling Hotel, 1025 Saint-Sulpice Introduction As we enter the agentic era, AI agents are increasingly integrated into various aspects of modern life, performing tasks that range from personal assistance and financial management to complex decision-making in industries. These AI agents, driven by powerful algorithms, are transforming how we interact with technology (…)
Wednesday, June 3rd, 5th or 10th, 2025, 09h-13h30 (tbc), BC 410, EPFL Introduction The transition towards digital solutions in Swiss democratic processes, such as e-collecting of signatures for initiatives and referenda, presents both opportunities and challenges. With increasing concerns about fraud, privacy, and data security, there is a pressing need to develop a trustworthy and (…)
The Blavatnik Interdisciplinary Cyber Research Center (ICRC) at Tel Aviv University is hosting its 15th annual Cyber Week Conference from June 23-26, 2025. Find out more here.
I found this short paper by John Kelsey and Bruce Schneier an insightful take on common fallacies in security – and how, despite not actually increasing security per se, they can still have beneficial side-effects, such making users feel more secure. Nonetheless, the people responsible for the security of their systems should have a clear-eyed (…)
Phishing campaigns aren’t limited to scammers being out for your money. This article depicts what is likely a state-affiliated phishing campaign, or at the very least one that is sympathetic towards the state’s interest, that targets Russian citizens looking to join Ukrainian paramilitary groups. It is noteworthy that the phishing sites appear to be spread (…)
In their article, the authors draw attention to the notion of data integrity and how integrity controls will take center stage in a world increasingly populated by AI agents, requiring verifiable, trustworthy personal data and computation. I found their layered perspective on understanding integrity failures particularly helpful, as it provides a comprehensive framework for identifying (…)
This acquisition, for the astronomical sum of $32 billion, clearly demonstrates the importance of cloud AND cybersecurity services. With access to a large customer base and a world-class multi-cloud security platform, Google aims to better compete with AWS and Azure in an area where it is still struggling to catch up with its rivals.
The Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University hosts a weekly cyber security, privacy, resiliency or autonomy speaker, highlighting technical discovery or case studies or exploring cyber operational approaches. Check out their extensive repository of talks here!
A team featuring CyLab researchers was honored with the Test of Time Award at the 2025 Symposium on Usable Security and Privacy (USEC 2025). The research team, featuring Patrick Gage Kelley (Ph.D.’12), CyLab alumnus; CyLab director Lorrie Cranor; and Norman Sadeh, co-director of Carnegie Mellon University’s Privacy Engineering Program.
CV Summit Zurich is Europe’s premium blockchain, AI, and emerging tech business event which convenes leaders, facilitates high-level discourse and connection. It takes place in Switzerland, a leading blockchain landscape and home of ‘Crypto Valley’.
Encryption is a way to ensure that data sent from one device to another can’t be read if intercepted. But what if the data pertains to criminal activity? Ana-Maria Cretu from EPFL’s Security and Privacy Engineering Lab shares her expertise on safety versus privacy concerns.
Während es sehr begrüßenswert ist, dass der Bund sich augenscheinlich dafür entschieden hat, eine lokale in-house Lösung für die KI-Anwendung “Gov-GPT“ zu nutzen, ist es problematisch, dass das sogenannte “Open Source Large Language Model“ Llama von Meta ist. Von dem oft angebrachten Kritikpunkt, dass diese Modelle nur dem Namen nach “Open Source“ sind, da die (…)
This article is interesting because it explains the reasons for Google’s change of position on Android OS development. The company is moving away from public contributions to the Android Open Source Project (AOSP) to streamline development and reduce merge conflicts. While Google commits to releasing source code post-release, reduced transparency remains a concern, as it (…)
