Summer School on Security and Privacy in the Age of AI

9 – 10 – 11 – 12 September 2025, Leuven, Belgium

KU Leuven’s Summer School on Security & Privacy in the Age of AI

4th edition – 2025

The summer school gathers international PhD students to enhance joint knowledge on Security & Privacy and AI/ML. We’ll discuss themes such as: How do ML solutions contribute to improvements in Security & Privacy? How will we ensure the robustness of ML applications and techniques in a context of attacks and adversarial behaviour? These themes are the centrepiece, but not a limitation: we’ll also address topics such as data gathering and quality of data, data protection, bias and fairness. The ultimate goal is to jointly learn, discuss and target research results and research plans for the coming years.

The program is taught in English and is organized on-campus, in Heverlee, Leuven (Belgium).

Leuven is a charming university city, just a 20-minute ride from Brussels, an 80-minute Thalys ride from Paris, and a 2-hour Eurostar ride from London.

when?

9 – 10 – 11 – 12 September 2025

where?

Campus Arenberg III, Computer Science
Celestijnenlaan 200A
3001 Heverlee, Belgium

Registration and Fees

registration process

To apply for the summer school, please send a cover letter with your motivation and background details (500 words max), as well as your resume and a recommendation letter (PDFs only).

If your application is accepted, you’ll receive instructions on how to proceed with the payment.

tuition fee

Early bird: €350 – Register before June 21
Standard fee: €450

The tuition fee includes all the classes and course materials, lunches, coffee breaks, and social dinner. Accommodation is not provided.

Book your room asap, as Leuven can get busy. For tips, check here.

Meet our lecturers

Vera Rimmer is a research expert at the DistriNet research group at KU Leuven, where she conducts and leads research activities in the intersection of security, privacy and AI. She completed her PhD at KU Leuven in 2022, with the main focus on applying deep learning in anonymity networks and network defense systems. Currently, Vera and her team explore data analytics in intrusion and malware detection, and trustworthiness of data-driven AI in the wider ICT context. Vera is interested in developing comprehensive understanding, reasonable expectations and mitigation of risks of data-driven AI in the age of uncontrolled data collection and inference.

CHAIR

Dr. Vera Rimmer

KU Leuven

Andrew Paverd is a Principal Research Manager in the Microsoft Security Response Center (MSRC), where he leads the strategic research initiative on AI Security & Privacy. In collaboration with researchers from across Microsoft, he has been working on tools and techniques to measure and mitigate privacy risks in machine learning. His research interests also include web and systems security. Prior to joining Microsoft, he was a Fulbright Cyber Security Scholar at the University of California, Irvine, and a Research Fellow in the Secure Systems Group at Aalto University. He received his DPhil from the University of Oxford in 2016.

LECTURER

Dr. Andrew Paverd

Microsoft Research Lab, Cambridge

Daniel Arp is a tenure-track assistant professor in the Security and Privacy Research Unit at Technische Universität Wien. Previously, he held a postdoctoral research position at TU Berlin and a visiting research position at University College London and King’s College London. He received his Ph.D. with honours in Computer Science from TU Braunschweig for his dissertation titled “Efficient and Explainable Detection of Mobile Malware with Machine Learning.” Additionally, he holds a master’s degree in Computer Engineering from TU Berlin. Daniel’s research interests encompass the development of learning-based methodologies to fortify the security and privacy of systems. His work has been published in esteemed publications and has been recognised with numerous accolades, including the IEEE Symposium on Security and Privacy Test of Time Award and the USENIX Security Distinguished Paper Award.

LECTURER

Dr. Daniel Arp

Institute of Logic and Computation, TU Wien

Lorenzo Cavallaro is a Full Professor of Computer Science at University College London (UCL), where he leads the Systems Security Research Lab. He grew up on pizza, spaghetti, and Phrack, and soon developed a passion for underground and academic research. Lorenzo’s research vision is to enhance the effectiveness of machine learning for systems security in adversarial settings. He works with his team to investigate the interplay between program analysis abstractions, representations, and ML models, and their crucial role in creating Trustworthy AI for Systems Security. Despite his love for food, Lorenzo finds his Flow in science, music, and family.

CO-CHAIR

Prof. Dr. Lorenzo Cavallaro

University College London

Kathrin Grosse is a research scientist at IBM Research Zurich. She received a Ph.D. in computer science from CISPA Helmholtz Center for Information Security, and afterwards worked as a Post-Doctoral Researcher with EPFL, Switzerland. During her PhD, she interned at Disney Research Zurich and IBM Yorktown, where her work resulted in a US Patent. Currently, her interests focus on AI security in autonomous vehicles and in the industry in general. As part of her work, she serves as a reviewer for IEEE S&P, USENIX Security, and ICML and organizes workshops at ICML. In 2019, she was nominated as an AI Newcomer for the German Federal Ministry of Education and Research’s Science Year.

LECTURER

Dr. Kathrin Grosse

IBM Research Zürich

Maura Pintor is an Assistant Professor at the PRA Lab, in the Department of Electrical and Electronic Engineering of the University of Cagliari, Italy. She received her PhD in Electronic and Computer Engineering from the University of Cagliari in 2022. She has provided several contributions in the area of adversarial machine learning, including efficient methods for ML testing and debugging frameworks for achieving trustworthy security evaluations of machine learning models. She is also the main organizer of the MLSec seminar series, aimed at inviting distinguished speakers to disseminate scientific results and applications to a worldwide audience.

LECTURER

Dr. Maura Pintor

University of Cagliari

Sofie Royer is a research expert at CiTiP (KU Leuven), and a guest professor at UAntwerpen and ULiège. After a brief interlude as a lawyer, she has been a research and teaching assistant at the Institute of Criminal Law (KU Leuven) and meanwhile a visiting researcher at the Max Planck Institute for Foreign and International Criminal Law in Freiburg (Germany). Her PhD thesis (2020) on criminal seizure in a digitizing world was published as a book. Sofie’s main research focus lies with the impact of new technologies on criminal law, criminal procedure, and human rights. She is involved in various national and international research projects and coordinates important policy studies. Sofie is a regular speaker at and organizer of conferences and seminars. She is often interviewed by journalists on topics of criminal law and digitization and she contributes to making the law more accessible to a broad audience by means of podcasts.

LECTURER

Dr. Sofie Royer

CiTiP, KU Leuven

Fabio Roli is Full Professor of Computer Engineering at the Universities of Genova and Cagliari, Italy. He is Director of the sAIfer Lab, a joint lab between the Universities of Genova and Cagliari on Safety and Security of AI. Fabio does research on adversarial machine learning systems for security applications. He has been appointed Fellow of the IEEE, Fellow of the International Association for Pattern Recognition, and Fellow of the Asia-Pacific Artificial Intelligence Association.

CO-CHAIR

Prof. Dr. Fabio Roli

University of Genova, University of Cagliari

Battista Biggio (MSc 2006, PhD 2010) is Full Professor of Machine Learning at the University of Cagliari, Italy, and research co-director of AI Security at the sAIfer lab (www.saiferlab.ai). He has provided pioneering contributions in machine-learning security, for which he received the 2022 ICML Test of Time Award and the 2021 Best Paper Award and Pattern Recognition Medal from Elsevier Pattern Recognition. He has managed more than 10 research projects, including national and EU-funded projects, totaling more than 1.5M€ in the last 5 years. He regularly serves as Area Chair for top-tier conferences in machine learning and computer security like NeurIPS and the IEEE Symposium on Security and Privacy. He is an Associate Editor-in-Chief of Pattern Recognition, and chaired IAPR TC1 (2016-2020). He is Fellow of IEEE, Senior Member of ACM, and member of IAPR and ELLIS.

LECTURER

Prof. Dr. Battista Biggio

University of Cagliari

Giovanni Cherubin is a Senior Researcher at Microsoft Research (Cambridge) working with the Microsoft Security Response Centre (MSRC). Before joining Microsoft, he held research positions at the Alan Turing Institute and EPFL, and he obtained a PhD in Machine Learning and Cyber Security from Royal Holloway, University of London. His research focuses on privacy and security properties of machine learning models, and on the theoretical/empirical study of their information leakage. He also works on reliable machine learning tools, such as distribution-free uncertainty estimation for machine learning (e.g., Conformal Prediction). Some of his work on security and machine learning has been recognised with best student paper awards (SLDS15, PETS17), distinguished paper (USENIX22), and with a USENIX Internet Defense Prize (2022).

LECTURER

Dr. Giovanni Cherubin

Microsoft Research Lab, Cambridge

Wouter Joosen is a full professor at the Department of Computer Science of KU Leuven and heads the DistriNet research group.

His research interests include security and privacy of distributed software systems, services and applications.

ORGANIZING CO-CHAIR

Prof. Dr. Wouter Joosen

KU Leuven

Location: Campus Arenberg III, KU Leuven, Heverlee, Belgium

The Arenberg campus is situated in Leuven, a place characterized by its beautiful architecture. With almost 50,000 students in a city of 100,000 inhabitants, Leuven has an atmosphere that is unique in the world.