AISecP 2026: 2026 International Symposium on AI Security and Privacy, Chengdu, China, June 23-July 13, 2026
Submission link: https://easychair.org/conferences/?conf=aisecp2026
2026 International Symposium on AI Security and Privacy (AISecP 2026)
Call for Papers
Official Abbreviation: AISecP 2026
Conference Dates: To be announced
Venue: Chengdu, China | Hybrid (In-Person + Virtual Online)
Sponsor: School of Cyber Science and Engineering, Sichuan University
1. Conference Scope & Mission
The International Symposium on AI Security and Privacy (AISecP 2026) is a course-based simulated academic conference for training students in scholarly writing, peer review, and conference organization.
AISecP 2026 aims to foster the development of scientifically rigorous, practically relevant, and ethically responsible research addressing the security and privacy challenges posed by modern AI systems. The symposium welcomes original research contributions spanning theoretical foundations, empirical studies, system designs, benchmarks, measurement studies, and real-world deployments.
The conference particularly encourages interdisciplinary work bridging machine learning, systems security, cryptography, privacy engineering, human-centered security, and AI governance.
2. Topics of Interest
We solicit submissions across the full spectrum of AI security and privacy research, including but not limited to the following areas:
Adversarial Machine Learning: Novel attacks and defenses for ML/LLM systems, evasion, poisoning, backdoor attacks, robustness evaluation, and certified defenses
Foundation Model & LLM Security: Alignment and jailbreaking defense, prompt injection, model theft and watermarking, output safety, hallucination mitigation, and red teaming for LLMs
AI Privacy & Confidential Computing: Privacy-preserving ML, differential privacy, federated learning, secure multi-party computation for AI, model and data privacy leakage, and membership inference attacks
Multi-modal AI Security: Security risks and defenses for vision-language models, diffusion models, generative AI, deepfake detection, and AI-generated content (AIGC) safety
Formal Verification for AI: Formal methods for AI system safety, robustness verification, logical consistency checking, and trustworthy AI certification
AI System & Supply Chain Security: AI model supply chain attacks, dataset integrity, open-source AI component security, and AI infrastructure security
AI for Cybersecurity: AI-driven threat detection, vulnerability discovery, malware analysis, intrusion detection, and security automation
Edge & Embedded AI Security: Security and privacy for on-device AI, IoT AI systems, and lightweight AI model protection
AI Security Governance, Ethics & Regulation: AI security compliance, risk assessment frameworks, ethical AI design, and legal and policy implications of AI security
Systematization of Knowledge (SoK): Critical reviews, benchmarking, and systematic analysis of existing research in AI security and privacy
Emerging Topics: Novel security and privacy challenges in AGI, embodied AI, quantum AI, and other cutting-edge AI paradigms
3. Paper Categories
AISecP 2026 accepts four categories of submissions, all of which will undergo the same rigorous double-blind peer review process:
Research Papers: Full-length papers presenting original, high-impact research with complete theoretical analysis, experimental validation, and novel contributions. Page limit: no more than 13 pages of main text, with unlimited additional pages for references and well-marked appendices. Reviewers are not required to read appendices.
Systematization of Knowledge (SoK) Papers: Papers that consolidate, clarify, and critically evaluate existing research in a major area of AI security. SoK papers must go beyond literature surveys, identifying key research gaps, challenging widely held assumptions, and providing new insights to guide future research. Page limit: no more than 13 pages of main text. Titles must be prefixed with "SoK:".
Short Papers: Concise papers presenting preliminary but promising research results, innovative ideas, proof-of-concept implementations, or focused case studies. Page limit: 6 pages of main text, including references.
Poster & Demo Papers: Papers describing work-in-progress, system demonstrations, educational tools, or practical security implementations relevant to the AI security community. Page limit: 4 pages of main text, including references.
4. Important Dates
All deadlines are 23:59:59 (Asia/Shanghai). No extensions will be granted for any deadlines.
| Event | Deadline |
|---|---|
| Abstract Registration Mandatory Deadline | June 29, 2026, 23:59:59 (Asia/Shanghai) |
| Full Paper Submission Deadline | June 29, 2026, 23:59:59 (Asia/Shanghai) |
| Conflict of Interest (COI) Declaration Deadline | June 29, 2026, 23:59:59 (Asia/Shanghai) |
| Acceptance Notification | To be announced |
| Author Registration Deadline | June 29, 2026, 23:59:59 (Asia/Shanghai) |
| Conference Dates | To be announced |
5. Submission Policies & Guidelines
5.1 Format Requirements
Submissions should be prepared as a PDF file and should be clearly readable by reviewers. Authors are encouraged to use the IEEE Computer Society Proceedings LaTeX template, preferably with the following LaTeX class:
\documentclass[conference]{IEEEtran}
However, strict compliance with the IEEE format is not mandatory for this course-based conference. Other academic paper formats are also acceptable, as long as the submission has a clear structure, readable layout, properly formatted figures and tables, and complete references.
Submissions must respect the page limits specified for each paper category. Minor formatting deviations will not lead to desk rejection, but papers that are difficult to read, lack basic academic structure, or substantially exceed the page limit may be returned for revision or rejected by the organizing committee.
5.2 Double-Blind Review & Anonymity Policy
AISecP 2026 employs a strict double-blind peer review process. Failure to comply with anonymity requirements will result in immediate desk rejection.
The title page, main text, appendices, and supplementary materials must not contain any author names, affiliations, funding numbers, acknowledgments, or any other identifying information.
When referencing your own prior work, you must cite it in the third person, as if it were written by unrelated authors. Self-citations that reveal author identity are strictly prohibited.
Links to supplementary materials (code, datasets, etc.) must be to anonymized repositories (e.g., Anonymous GitHub). The linked content must not contain any identifying information about the authors.
Authors may post preprints of their work on arXiv or other platforms, but must not update the preprint during the review period, must not include a link to the submitted paper, and must not publicize the submission to the conference. Preprints must not be used to reveal author identity to reviewers.
5.3 Originality & Dual Submission Policy
All submissions must be original, unpublished work, and must not be under review at any other conference, journal, or publication venue at the time of submission. Concurrent dual submission is strictly prohibited.
Submissions may not extend work that has been previously published in a peer-reviewed venue, unless the extension contains significant novel contributions (at least 30% new technical content) and clearly cites the prior work.
5.4 Conflict of Interest (COI) Policy
All authors must declare all potential conflicts of interest with Program Committee (PC) members during the abstract registration phase, in accordance with IEEE TCSP guidelines. A conflict of interest exists if:
A PC member is a co-author of the paper.
A PC member has been affiliated with the same institution as any author within the past 2 years.
A PC member has collaborated on a research publication with any author within the past 2 years.
A PC member has a close personal or professional relationship with any author that could bias the review process.
For student authors, a conflict exists with their PhD supervisors and members of their home research group.
5.5 Ethics & Responsible Research Policy
All submissions must adhere to the highest standards of ethical research.
Research involving human subjects must include a statement confirming that the study was approved by the relevant Institutional Review Board (IRB) and that informed consent was obtained from participants.
Papers describing offensive security research (e.g., LLM jailbreaking, adversarial attacks) must include a responsible disclosure plan, a detailed discussion of mitigation strategies, and a clear justification for the public benefit of the work. We will not accept papers that only present harmful attacks without corresponding defenses.
Authors must disclose any potential biases, limitations, or negative societal impacts of their research.
5.6 Use of Generative AI Tools
Authors may use generative AI tools (e.g., large language models) for limited assistance in language editing or code completion. However, authors are fully responsible for the accuracy, originality, and integrity of all submitted content.
Generative AI tools may not be listed as authors. Submissions containing fabricated results, fake citations, or AI-generated content without proper human verification may be rejected for academic misconduct.
6. Review Process
All valid submissions will undergo a rigorous, multi-stage review process aligned with the practices of top cybersecurity conferences:
Desk Reject Screening: The Program Chairs will first screen submissions for basic readability, anonymity, originality, and scope requirements. Minor formatting deviations will not lead to desk rejection, but papers with serious readability, anonymity, or academic integrity issues may be returned for revision or rejected.
PC Review: Each valid submission will be assigned to at least 3 independent PC members with relevant expertise, and will receive at least 3 detailed peer reviews. Reviews will be based on novelty, technical rigor, scientific soundness, real-world impact, and clarity of presentation.
Rebuttal Phase: Authors will have a 4-day window to respond to factual errors or misunderstandings in the reviews. Authors may not add new technical content or experimental results during the rebuttal period.
PC Meeting: The Program Committee will hold a virtual meeting to discuss all submissions, taking into account the reviews and author rebuttals, and make final acceptance decisions.
Final Notification: Authors will be notified of acceptance or rejection, along with the full set of reviews and detailed feedback.
