
LLMSEC 2025

LLMSEC is an academic event publishing & presenting work on adversarially-induced failure modes of large language models, the conditions that lead to them, and their mitigations.

  • Date: Jul 31 or Aug 1, 2025 (tbd)
  • Location: Vienna, Austria
  • Co-located with ACL 2025 as a workshop

Scope

Large Language Models accept a variety of inputs and produce a variety of outputs. It is possible to find inputs that lead to LLM outputs that model creators, owners, or users do not want. Defining and enumerating this space is an open task. We describe LLM security as the field of investigating how models that process text can, by an adversary, be made to behave in unintended and harmful ways.

Research at LLMSEC includes the entire life cycle of LLMs, from training data through fine-tuning and alignment over to inference-time. It also covers deployment context of LLMs, including risk assessment, release decisions, and use of LLMs in agent-based systems.

Event scope is LLM attacks, LLM defence, and the contextualisation of LLM security. LLM attacks are anything that causes LLMs to behave in an unexpected/unintended manner usable by an adversary. In the LLM life cycle, this includes techniques like data poisoning and other model supply chain attacks, as well as the adversarial inputs that yield insecure outputs. Topics include:

  • Adversarial attacks on LLMs
  • Automated and adaptive LLM attacks
  • Data poisoning
  • Data extraction from trained models
  • Defining LLM vulnerabilities
  • Detection of adversarial LLM inputs
  • Ethical aspects of LLM security
  • Legal impacts and debates related to model security
  • LLM Denial-of-service
  • LLM security measurement
  • LLM supply chain attacks
  • Model input/output guardrails
  • Model inversion
  • Model policy
  • Multi-modal and cross-modal models (e.g. vision&text-to-text, text-to-speech, speech-to-text)
  • Organising model exploits
  • Organising model failure modes
  • Practical tools for exploiting LLMs
  • Privacy breaches mediated by LLM
  • Privilege escalation and lateral movement mediated by LLMs
  • Prompt injection
  • Proofs-of-concept of LLM exploits
  • Red teaming of LLMs
  • Retrieval Augmented Generation security
  • Secure LLM use and deployment

Keynotes

1. Johannes Bjerva, Aalborg University (Denmark). Prof. Bjerva’s research is characterised by an interdisciplinary perspective on NLP, with a focus on the potential for impact in society. His main contributions to the field are to incorporate linguistic information into NLP, including large language models (LLMs), and to improve the state of resource-poor languages. Recent research focuses on embedding inversion and attacks on multi-modal models.

2. Erick Galinkin, NVIDIA Corporation (USA). Erick Galinkin is a Research Scientist at NVIDIA working on the security assessment and protection of large language models. Previously, he led the AI research team at Rapid7 and has extensive experience working in the cybersecurity space. He is an alumnus of Johns Hopkins University and holds degrees in applied mathematics and computer science. Outside of his work, Erick is a lifelong student, currently at Drexel University and is renowned for his ability to be around equestrians.

3. TBA

Submission formats

Submissions must be anonymised & de-identified following ACL policy, and in the ACL template.

Long & Short papers

We invite both short and long papers: short papers have a 4 page limit and long papers an 8 page limit, with references, ethics statements, and other compulsory sections not subject to this limit.

Qualitative work

As a relatively new field, still engaged in sense-making of the context of this research, we particularly welcome rigorous qualitative work, and work that provides novel information about LLMSEC practice and context.

War stories

Following cybersecurity tradition, LLMSEC also welcomes “war stories”, that is, accounts of security investigations or operations that are informative to broader audiences. These are intended to connect researchers and practitioners; LLM security is highly interdisciplinary and we have a lot to share with each other.

War story submissions need not provide novel quantitative empirical results, but should be illuminating and helpful to the workshop audience. They may be up to four pages, with references, appendices, and compulsory sections excluded from the limit.

This section will be updated with the submission link when available.

Important Dates

  • Submission: 26 May 2025
  • Notification: 26 June 2025
  • Event: 31 Jul or 1 Aug, 2025

Time zone: Anywhere on Earth

Organisation

Leon Derczynski. Principal Scientist in LLM Security at NVIDIA Corporation, Associate Professor in NLP at ITU University of Copenhagen, President of ACL SIGSEC. https://www.linkedin.com/in/leon-derczynski/

Jekaterina Novikova. Science Lead at the AI Risk and Vulnerability Alliance (ARVA), Expert Advisor of ACL SIGSEC. https://jeknov.github.io/

Muhao Chen. Assistant Professor of Computer Science at University of California, Davis, Secretary of ACL SIGSEC. Prof Chen has considerable organisational and service experience, including SAC and AC at NAACL, ACL, EMNLP, and AAAI, and co-chairing workshops at NAACL 2022 and AKBC 2022. https://muhaochen.github.io/

Committee

tba