Foundations of Language Model Security

Theory, Practice, and Open Problems
EurIPS 2025 Workshop • December 6-7, 2025

About the Workshop

Language model security stands at a critical juncture. Despite extensive work on adversarial attacks and basic defenses, we still lack a deep understanding of the principles that drive these vulnerabilities: the mathematical and computational properties that create them, how model internals process adversarial inputs, and whether current evaluations capture real-world security risks.

This workshop brings together researchers in adversarial robustness, conversational and sociotechnical AI safety, and broader LLM security to move beyond surface-level observations—probing the mechanisms behind vulnerabilities and charting a path toward genuinely secure architectures.

Emphasizing foundational understanding over incremental improvements, we ask:

Our goal is to catalyze rigorous, cross-disciplinary discussion that advances the theoretical, empirical, and evaluative foundations of language model security.

Workshop Format

The workshop consists of four thematic blocks. Each block includes an expert keynote (45 minutes), two contributed talks (15 minutes), and an extended guided discussion (45 minutes) among participants, presenters, and domain experts. Our format prioritizes deep engagement and discussion over talk density.

3

Trade-offs in System-level defences against Prompt Injections

Keynote: Ilia Shumailov
4

Practical LLM security

Keynote: Kathrin Grosse (IBM Research)
1

Emergent Security in Complex AI Ecosystems

Keynote: Verena Rieser (Google DeepMind)
2

TBA

Each block (×4):

  • Expert Keynote: 45 min
  • 2 Contributed Talks: 15 min
  • Guided Discussion: 45 min

Invited Speakers

  • Kathrin Grosse (IBM Research, Zurich), AI Security in Industry
  • Verena Rieser (Google DeepMind), VOICES Team Lead
  • Ilia Shumailov (AI Sequrity Company), ML Security & Privacy
  • TBA

Schedule

08:50 - 09:00  Opening Remarks
09:00 - 11:45  Block 1: Emergent Security in Complex AI Ecosystems
               Keynote: Verena Rieser (Google DeepMind)
11:45 - 13:00  Lunch Break
13:00 - 14:45  Block 2: Practical LLM Security
               Keynote: Kathrin Grosse (IBM Research)
14:45 - 15:00  Coffee Break
15:00 - 16:45  Block 3: Trade-offs in System-level defences against Prompt Injections
               Keynote: Ilia Shumailov
16:45 - 17:00  Break
17:00 - 18:30  Block 4: TBA
18:30          Closing Remarks & Networking

Call for Talk Contributions

We invite short contributed talks that advance the foundations of language model security. We are especially interested in work that clarifies the mathematical and computational properties underlying vulnerabilities, sheds light on how model internals process adversarial inputs, and proposes evaluation frameworks that better capture real-world security risks.

Submission Guidelines

  • Format: Talk proposals only—no papers, no archival proceedings
  • Requirements: Title, 200-300 word abstract, optional one-page summary or single slide
  • Platform: OpenReview (link forthcoming by Oct 7)
  • Talk Length: 7-minute spotlights (8 talks total, 2 per thematic block)

Important Dates

  • Submission Deadline: October 17, 2025
  • Notification: October 31, 2025
  • Workshop: December 6-7, 2025

Review Process

Submissions will be assigned to thematic blocks by organizers. Each submission receives reviews from three randomly selected authors from other thematic blocks. Selection emphasizes fit to foundational themes, clarity, novelty of insight, and potential to generate discussion. We explicitly encourage work-in-progress and preliminary findings that advance foundational understanding.

Topics of Interest

Organizers

  • Egor Zverev, Institute of Science and Technology Austria
  • Aideen Fay, Microsoft & Imperial College London
  • Sahar Abdelnabi, Microsoft, ELLIS Institute Tübingen, MPI-IS & Tübingen AI Center
  • Mario Fritz, CISPA Helmholtz Center & Saarland University
  • Christoph H. Lampert, Institute of Science and Technology Austria

Contact

For questions about the workshop, please contact:

egor.zverev@ist.ac.at

EurIPS 2025 Workshop on Foundations of Language Model Security
December 6-7, 2025 • Copenhagen, Denmark