Konrad Rieck 🌈

💭Ever dreamed of serving on the PC of one of the coolest security conferences in academia? Now is your chance. Nominate yourself and your capable friends for the Program Committee of @ACSAC_Conf 2026 🧑‍💻 forms.gle/SMbphtLggYcEGN…

we will present our work on practical binary type recovery at ACM CODASPY '26! prior work rarely focused on applicability: too slow, no meaningful filtering mechanisms, unsound struct recovery we address these gaps and present a system for headless type recovery at scale

If you ever dreamed of serving on the PC of one of the coolest cybersecurity conferences academia has to offer, now is your chance! Nominate yourself (and your capable friends) to serve on the PC of @ACSAC_Conf 2026: forms.gle/SMbphtLggYcEGN…

First Stealth, now FX… Hug your people a little tighter. They won't be around forever.

😍RELEASE: The TEAM-TESO cvs: thc.org/team-teso/ All exploits, advisories, teso-informationals (never released), burneye, bscan, ... plus some rare pictures. Enjoy & Keep hacking. Yours Sincerely, Team-Teso (via THC's twitter account).

Everyone today is a hacker in a sense but there are very few OG hackers on which shoulders we stand Oh dude, Felix “FX” Lindner you were so much a hackers hacker and you will be missed RIP my friend and thank you

The Call for Papers for our Special Issue in IEEE Security & Privacy is finally out: Autonomous AI Agents in Computer Security computer.org/digital-librar… Deadline is May 1, 2026. We are looking forward to your exciting submissions.

Still no plans for March 2026? How about a pretzel and a beer in Munich 🥨🍺 Registration for SaTML is now open: satml.org/attend/ We have a packed program with papers on secure, private, and fair machine learning. Accepted papers here: satml.org/accepted-papers

Congratulations to the winners of #ACSAC2025's third test of time award: "Cujo: Efficient Detection and Prevention of Drive-By-Download Attacks" by Konrad Rieck, Tammo Krueger, and Andreas Dewald published in ACSAC 2010. 👏👏👏

The lesson is clear: combining data from different sources and relying on AI creates a new attack surface. We need to fix this before AI weather forecasts become the norm. 👉 Paper: mlsec.org/docs/2025-ccs.… 🧳 Code: github.com/mlsec-group/ad… 🤗 Distinguished Paper Award at CCS 4/4

Our attack injects tiny perturbations into the measurements that cause GenCast, the currently best AI weather model by Google, to predict false extreme events. The required changes are so low that they fall within the natural noise of observations and are hard to detect. 3/4

AI predicts rain. We predict trouble! Today, Erik presents a novel attack on Google's latest AI weather model at @acm_ccs. By changing only 0.1% of the observations, the attack can fabricate or suppress the prediction of extreme events, from hurricanes 🌀 to heat waves 🔥 1/4

LLM-based Vulnerability Discovery - arxiv.org/pdf/2509.19117 Our investigation leads to a disappointing outcome: despite the impressive capabilities of language models in other domains, their performance in vulnerability discovery is not significantly different from that of a simple baseline. The substantial resources required to train these models, along with the considerable effort in curating high-quality training datasets, do not yield a substantial advantage over simple techniques developed decades ago. Authors: @_thrsten, @mlsec. Felix Weißberg, Lukas Pirch, Erik Imgrund, Jonas Möller at @TUBerlin @bifoldberlin #AISecurity #LLMResearch #LineVul #PDBERT #UniXcoder #CodeGen25 #StarCoder2 #GPT35Turbo #GPT4o #Devign #ReVeal #RATS #Semgrep #SCM #CodeBERT #BigVul #CrossVul #CVEfixes #DiverseVul #SARD #CodeXGLUE

4️⃣ PET-ARENA: How private is private enough? Probe privacy-preserving DB systems through real-world attacks and red-teaming missions. 🌐 tiktok-privacy-innovation.github.io/pet-arena/ 🧵5/5

3️⃣ AgentCTF: Agents under attack! Red-team or defend autonomous systems in adversarial playgrounds. 🌐 ctf.secure-agent.com 🧵4/5

We’re excited to announce this year’s competitions for @satml_conf 🎉 Get ready for four challenges tackling AI in space, backdoors in LLMs, CTF agents, and privacy-preserving databases. satml.org/competitions/ Let’s dive in! 🧵1/5

Reminder: SaTML is a fantastic venue for research in trustworthy ML, whose deadline is in the next week. If your nice paper was rejected from #NeurIPS2025, consider sending it to SaTML for a thoughtful review process instead of rolling the dice again