Invited speakers
Leyla Bilge, Global Head of Scam Research, Gen Digital

Demystifying Modern Scams; Breaking the Stigma and Building Resilience
Abstract
As online scams evolve in scale and sophistication, traditional defenses are no longer sufficient to protect users from financial and emotional harm. At Gen Digital’s Research Labs, we are pioneering a new approach to digital safety—one that combines deep cybersecurity expertise with domain-trained AI systems capable of detecting fraud before it reaches the user.
In this talk, I will present the latest advancements in our AI-powered anti-scam technologies, including SMS and email protection, real-time browser and messaging app defenses, and our most recent AI assistant for scam prevention. I will share key findings from our research on scammer behavior, highlight regional trends in AI-enabled scams, and discuss the growing role of AI tools on this topic.
Bio
Leyla Bilge is Director of the Scam Research Labs at Gen. She holds a Ph.D. from Eurecom and Telecom ParisTech on the topic of network-based botnet detection problems. Her interests embrace most of the systems security topics with a special focus on data analysis for cyber security, DNS-based malicious URL detection, predictive analytics, cyber insurance, and web privacy.
Serge Egelman, Research Director, University of California, Berkeley

Taking Responsibility for Someone Else’s Code: Studying the Privacy Behaviors of Mobile Apps at Scale
Abstract
Modern software development has embraced the concept of “code reuse,” which is the practice of relying on third-party code to avoid “reinventing the wheel” (and rightly so). While this practice saves developers time and effort, it also creates liabilities: the resulting app may behave in ways that the app developer does not anticipate. This can cause very serious issues for privacy compliance: while an app developer did not write all of the code in their app, they are nonetheless responsible for it. In this talk, I will present research that my group has conducted to automatically examine the privacy behaviors of mobile apps vis-à-vis their compliance with privacy regulations. Using analysis tools that we developed and commercialized (as AppCensus, Inc.), we have performed dynamic analysis on hundreds of thousands of the most popular Android apps to examine what data they access, with whom they share it, and how these practices comport with various privacy regulations, app privacy policies, and platform policies. We find that while potential violations abound, many of the issues appear to be due to the (mis)use of third-party SDKs (i.e., supply chain problems). I will provide an account of the most common types of privacy and security issues that we observe and how app developers can better identify these issues prior to releasing their apps.
Bio
Serge Egelman is the Research Director of the Usable Security and Privacy group at the International Computer Science Institute (ICSI), which is an independent research institute affiliated with the University of California, Berkeley. He is also Chief Scientist and co-founder of AppCensus, Inc., which is a startup that is commercializing his research by performing on-demand privacy analysis of mobile apps for developers, regulators, and watchdog groups. He conducts research to help people make more informed online privacy and security decisions, and is generally interested in consumer protection. This has included improvements to web browser security warnings, authentication on social networking websites, and most recently, privacy on mobile devices. Seven of his research publications have received awards at the ACM CHI conference, which is the top venue for human-computer interaction (HCI) research; his research on privacy on mobile platforms has received the Caspar Bowden Award for Outstanding Research in Privacy Enhancing Technologies, the USENIX Security Distinguished Paper Award, the Spanish Data Protection Authority’s Emilio Aced Personal Data Protection Research Award, as well as the CNIL-INRIA Privacy Research Award. His research has been cited in numerous lawsuits and regulatory actions, as well as featured in the New York Times, Washington Post, Wall Street Journal, Wired, CNET, NBC, and CBS. He received his PhD from Carnegie Mellon University and has previously performed research at Xerox Parc, Microsoft, and NIST.
Herbert Bos, Professor, Vrije Universiteit, Amsterdam

The Art of Being Offensive
Abstract
Bio
Herbert Bos is a full professor at the Vrije Universiteit Amsterdam and co-leads the VUSec Systems Security research group. He obtained an ERC Starting Grant to work on reverse engineering and an NWO VICI grant to work on vulnerability detection. In 2024, he was awarded an ERC Advanced Grant for research on detecting, analysing and mitigating transient execution attacks (such as Spectre, Meltdown and MDS) and an NWO Gravitation Grant for building a secure foundation for computer systems. Other research interests include OS design, microarchitectural attacks and defenses, fuzzing, exploitation, networking, and dependable systems.
He obtained his Ph.D. from the Cambridge University Computer Laboratory, and spent four years at the Universiteit Leiden.
Despina Spanou, Principal Adviser for Cybersecurity Coordination, European Commission

Abstract
Bio
Despina Spanou is Principal Adviser in the European Commission for Cybersecurity Coordination, including with security cross-cutting issues.
She was previously the Head of the Cabinet of the Vice-President of the European Commission, Margaritis Schinas (2019-2024). In this capacity she coordinated the Vice-President’s work on security, migration and asylum, health, skills, education, culture and sports. She also coordinated the Vice-President’s EU Security Union work, ranging from counterterrorism, organised crime and cybersecurity to hybrid threats.
Prior to that, she was Director for Digital Society, Trust and Cybersecurity at the Directorate-General for Communications Networks, Content and Technology (DG CONNECT) of the European Commission. Ms. Spanou was responsible for the European Union’s cybersecurity policy and law, served as a member of the management board of ENISA, and of the Steering Board of the Computer Emergency Response Team for the EU Institutions (CERT-EU). She is a founding member of the Women4Cyber initiative and an advocate for the need for more cybersecurity experts in Europe. She also teaches EU Cybersecurity policy at Harvard Kennedy School.
In her 20 years in the European Commission, Ms Spanou has held a number of senior management positions in the areas of Health and Consumer Policy and served as Deputy Head of Cabinet for Commissioners Kyprianou and Vassiliou. Before joining the European Commission, she practised EU competition and trade law with a US law firm for a number of years.
Despina Spanou is a member of the Athens Bar Association and holds a Ph.D. in European law from the University of Cambridge.
Industry session
John Preuß Mattsson, Ericsson Research

Migrating Telecom to Quantum-Resistant Cryptography on a Global Scale
Abstract
The mobile industry, with its unique characteristics, has been preparing for the transition to quantum-resistant cryptography for many years. As truly global standards, 4G and 5G require algorithms that are universally trusted and secure across all regions. Mobile networks are considered critical infrastructure, heavily regulated, and expected to adhere to government recommendations for migration timelines. However, performance and costs remain high priorities, which differs from national security systems. For many IoT applications, radio is the most limiting resource, making small sizes essential. Hardware like base stations has a long lifecycle, often remaining in service for decades. Mobile networks rely heavily on IETF standards for public-key cryptography, though they have a few unique protocols. 5G and 6G standards will introduce quantum-resistant algorithms in 2027–2028, and 6G will be quantum-resistant by design. Migrating public key infrastructure (PKI) and root-of-trust for firmware and software updates is a top priority. This talk will discuss these challenges and the industry’s plans to overcome them.
Bio
John is an expert in cryptographic algorithms and security protocols at Ericsson Research in Stockholm, Sweden. His work focuses on applied cryptography, security protocols, privacy, IoT security, post-quantum cryptography, and trade compliance. During his almost 20 years at Ericsson, he has worked with a lot of different technology areas and been active in many security standardization organizations including IETF, IRTF, 3GPP, GSMA, and NIST where he has significantly influenced cryptography, Internet, and cellular security standards. In addition to designing new protocols, John has also found significant attacks on many algorithms and protocols. John holds an MSc in engineering physics from KTH Royal Institute of Technology, Sweden, and an MSc in business administration and economics from Stockholm University.