
2026-01-15
Andrea Ruffing

CISPA-UCT Summer School 2026

When: February 16-18, 2026

Where: UCT, Cape Town, South Africa 

We are inviting applications from graduate students and researchers in the areas of Computer Science and Cybersecurity with a focus on AI. During our annual scientific event, students will have the opportunity to follow one week of scientific talks and workshops, present their own work during poster sessions and discuss relevant topics with fellow researchers and expert speakers. This year's edition is in collaboration with UCT, Cape Town and will take place in South Africa. 

Application Process: Please fill in our online application form. 

Notification of Acceptance: We will notify you via email.

Fee: none

Deadline for Regular Application: February 09, 2026.

 

Program

Invited Speakers

Daniel Arp, TU Wien

Title: Pitfalls in AI for Security

Abstract: Advances in computational power and the proliferation of massive datasets have propelled artificial intelligence (AI) to achieve major breakthroughs across a wide spectrum of applications—from image recognition and natural language processing to autonomous systems and scientific discovery. Yet when AI techniques are applied to security, they encounter a host of subtle pitfalls that can seriously undermine performance and, in the worst case, render learning-based systems unsuitable for real-world deployment. In this lecture, we will take an in-depth look at these pitfalls and explore how they manifest in various security domains, such as malware detection and vulnerability discovery, where they frequently lead to inflated assessments of system effectiveness. We’ll survey illustrative case studies drawn from academic literature to gauge the prevalence of these issues and, finally, discuss recommendations for avoiding them when designing experiments.

Bio: Daniel Arp is a tenure-track Assistant Professor in the Security and Privacy Research Unit at Technische Universität Wien. Previously, he held a postdoctoral research position at TU Berlin and a visiting research position at University College London and King’s College London. He received his Ph.D. with honours in Computer Science from TU Braunschweig. Additionally, he holds a master’s degree in Computer Engineering from TU Berlin. Daniel’s research interests encompass the development of learning-based methodologies to fortify the security and privacy of systems.

 

Kathrin Grosse, IBM

Title: From AI Vulnerabilities to AI Security Incident Reporting and Beyond

Abstract: In this talk, we revisit the evidence of vulnerabilities and exploits within the realm of Artificial Intelligence, encompassing both traditional AI and Large Language Models (LLMs). Such vulnerabilities necessitate prevention, which we suggest could be handled by incident reporting. Such a procedure has been established in non-AI security, yet AI security warrants special treatment because AI is versatile and AI models differ significantly from software with vulnerabilities. However, a significant challenge is not just the lack of a standardized reporting framework, but also a knowledge gap among practitioners. Even when they are aware of the risks, many lack the practical guidance needed to effectively evaluate and secure their models. Our discussion will thus also cover how to threat model real-world applications using AI.


 

Sofía Celi, Brave

Title: Practical Cryptography: From Deployed Primitives to Real-World Protocol Design
 
Abstract: This series examines how modern cryptographic techniques are used in real systems and how design choices shape their security and social impact. We will explore privacy in large-scale deployments, the guarantees and limitations of network and web protocols, and the use of zero-knowledge proofs in attestation and credential verification. 
Participants will learn how these mechanisms work, how they fail, and how such failures can affect vulnerable communities. We will also discuss private information retrieval in privacy-preserving services and advanced authentication mechanisms that combine several cryptographic tools.
 
Throughout the series, we will connect technical concepts to real-world consequences and highlight how to design systems that are secure, deployable, and protective in practice.
 
Bio: Sofía Celi is a Senior Cryptography and Security Researcher at Brave, specializing in privacy-enhancing technologies, post-quantum cryptography, and practical applications of zero-knowledge proofs. She contributed to the Off-the-Record (OTR) messaging protocol and co-authored the post-quantum signature scheme MAYO, submitted to NIST. Sofía is an Honorary Industrial Fellow at the University of Bristol, and sits on the Advisory Council of the Open Technology Fund. She also holds leadership roles within the IETF, IRTF, and W3C, and advises international human-rights organizations on the impact of emerging technologies. She is a co-founder of Criptolatinos and WinC.

Sandra Deepthy Siby, NYUAD

Title: Web Tracking: How the Internet watches us and what we can do about it
 
Abstract: Modern web services rely on complex and largely invisible tracking infrastructure that continuously collects, infers, and monetizes information about users. This talk provides an overview of how web tracking works in practice — from cookies and fingerprinting to cross-site identity linking and real-time advertising auctions. We will explore how tracking signals are collected and monetized, why economic incentives keep tracking pervasive, and the broader implications of such extensive data collection. We will also cover the ongoing arms race between tracking technologies and the countermeasures developed to limit them. 
 
Bio: Sandra Siby is an Assistant Professor of Computer Engineering at New York University Abu Dhabi (NYUAD), where she leads the Haven Lab and serves as a co-PI at the Center for Cyber Security. Her research focuses on advancing the security and privacy of online systems, with the long-term goal of enabling digital services that are inherently designed with user privacy and security at their core. Her work has influenced industry solutions and attracted interest from standardization bodies such as the IETF. Sandra received her PhD from EPFL and completed her postdoctoral training at Imperial College London.
 

Godwin Mandinyenya, UCT

Title: AI-driven Zero-trust Models for Healthcare Systems

Abstract: Healthcare systems face growing cyber risks that exceed the capabilities of perimeter-based security. This work explores the potential of AI-driven Zero-Trust models for healthcare environments, focusing on continuous authentication, adaptive trust assessment, and context-aware access control. The work outlines key architectural principles, opportunities, and challenges of integrating artificial intelligence into Zero-Trust healthcare security. The contribution is a conceptual foundation for future research on adaptive, resilient, and compliance-aware cybersecurity models for healthcare systems.

Bio: Dr Godwin Mandinyenya is a Post-Doctoral Fellow in the Department of Information Systems at the University of Cape Town. His doctoral studies focused on blockchain security, artificial intelligence, and data privacy. Currently he is conducting research on cybersecurity frameworks, digital inclusion, and risk mitigation in rural and disadvantaged educational environments. With over 11 years of teaching and supervision experience, he has published extensively in IEEE, ACM and Springer venues. His research interests include zero-trust security models, healthcare cybersecurity, distributed systems and ethical AI-blockchain integration.

CISPA Speakers


Lea Schönherr, CISPA

Title: Can We Trust Generative AI? Understanding and Mitigating Security Threats in Today’s Machine Learning Systems

Abstract: Generative AI (genAI) is becoming more integrated into our daily lives, raising questions about potential threats within these systems and their outputs. In this talk, we will examine the security challenges and threats associated with generative AI. This includes the deception of humans with generated media and the deception of machine learning systems. In the first part of the talk, we look at threat scenarios in which generative models are utilized to produce content that is impossible to distinguish from human-generated content. This fake content is often used for fraudulent and manipulative purposes. As generative models evolve, the attacks are easier to automate and require less expertise, while detecting such activities will become increasingly difficult. This talk will provide an overview of our current challenges in detecting fake media in human and machine interactions and the effects of genAI media labeling on consumers' trust. The second part will cover exploits of LLMs to disrupt alignment or to steal sensitive information. Existing attacks demonstrate that LLM content filters can be easily bypassed with specific inputs, leading to the leakage of private information. From an alternative perspective, we demonstrate that obfuscating prompts offers an effective way to protect intellectual property. Our research demonstrates that with minimal overhead, we can maintain similar utility while safeguarding confidential data, highlighting that defenses in foundation models may require fundamentally different approaches to utilize their inherent strengths.

 
Wouter Lueks, CISPA
 
Title: Designing Privacy-Friendly Systems
 
Abstract: Digital technologies are everywhere. Yet, with the increase in digitalization also come privacy risks. In this lecture we will take a look at the most important technologies for designing privacy-friendly systems, ranging from secure multi-party computation to anonymous communication. We will see how to combine such techniques into fully private systems, and how to reason and think about the security properties that they provide.
 
Bio: Wouter Lueks is a tenure-track faculty member at the CISPA Helmholtz Center for Information Security in Saarbrücken, Germany. Before that he was a postdoctoral researcher at EPFL in Lausanne, Switzerland where he worked with Prof. Carmela Troncoso. He is interested in solving real-world problems by designing end-to-end privacy-friendly systems. To do so he combines privacy, applied cryptography, and systems research. His work has real-world impact. For instance, his designs for privacy-friendly contact tracing have been deployed in millions of phones around the world, and his secure document search system is being deployed by a large organization for investigative journalists.

Mridula Singh, CISPA

Title: Time and Range Integrity Checks

Abstract: Wide-area positioning is foundational to applications ranging from aviation and maritime operations to drones and connected vehicles, yet the signals we rely on, especially GNSS, remain susceptible to spoofing attacks. In this lecture, we will build intuition for what “secure positioning” means and why it is harder than simply adding cryptography to existing systems. We will then look at verifiable multilateration (VM) as a representative secure positioning technique: VM forms a constrained geometric region using multiple two-way ranging (TWR) interactions, but its reliance on uplink receptions makes it difficult to deploy at a wide-area scale. We then introduce TRICK, a technique that bridges this gap by allowing authenticated broadcast signals to contribute in secure region formation, while requiring only a minimal number of TWR measurements. We close by discussing what TRICK changes for practical secure coverage at scale, and what it implies for designing the next generation of secure wide-area positioning systems.
 
Bio: Mridula Singh is a tenure-track faculty member at the CISPA Helmholtz Center for Information Security in Saarbrücken, Germany. Her primary research focus is systems security and wireless security, with emphasis on practical attacks and deployable defenses. Her work on physical-layer Message Time-of-Arrival Codes has been used for securing passive keyless entry and start systems in commercial vehicles. She is currently working on securing sensing modalities for autonomous vehicles and designing scalable positioning systems. Prior to joining CISPA, she co-founded Trishulam during her master’s studies and worked as a research engineer at Xerox Research Center India. She received her M.Tech. in Computer Science from IIIT-Delhi, India, and her Ph.D. in Computer Science from ETH Zurich, Switzerland.

More details will follow soon. 

Please have a look at last year's school, the 2024 Summer School on Usable Security, the 2024 Summer School on Privacy-Preserving Cryptography, Summer School 2023, Summer School 2022, or our Digital Summer School 2021 to get a general idea of the event.

If you have any questions or queries for any of our summer schools, our Summer-School team will be glad to help via [email protected]

Please note that we are always publishing speakers and topics/titles on our website, as soon as they are confirmed. Please refrain from requesting titles and detailed topics etc. via e-mail. If you want to wait with your application until the detailed program is finished, that is perfectly fine. We just want to give interested students this opportunity to register early and secure their spot ahead of time.