Research at RESIST CENTER


The objective of RESIST CENTER

The overarching research objective is to develop novel techniques and methods with strong roots in AI and cybersecurity to achieve holistic cyber resilience throughout the AI lifecycle.

The research of RESIST CENTER is divided into four research themes, complemented by a validation program and various center activities that verify and test the novel methods in real-life contexts.

The research of RESIST CENTER is built on four themes

Trustworthy and verifiable AI

Research theme 1

Goal

Make AI systems interpretable, tamper-resistant and provenance-assured throughout their lifecycle, building resilience in terms of properties that still lack consensus definitions yet are demanded by regulations such as the EU AI Act.

Methodology

Establishing a threat modelling framework for dataset provenance, adapting zero-knowledge proofs for model verification, developing verifiable machine unlearning strategies, and extending XAI techniques for root-cause analysis and interpretability of AI systems.

Novelty

Creating a synergy between "security by design" and "security by assurance" in AI systems. Comprehensive verification stack based on rigorous definitions and measurable criteria for interpretability, verifiability and traceability.

An illustration of a triangle with the words: end-to-end data and model verification, verifiable machine unlearning, XAI for interpretability.

Runtime security assurance

Research theme 2

Goal

Protecting AI models at runtime

Methodology

Developing novel methods for detecting and defending against attacks targeting model inputs, outputs, and overall model behaviour.

Novelty

Go beyond model- or attack-specific studies toward structured, generalizable defences for AI systems at runtime. Deployed models are treated as operational infrastructures requiring continuous, systematic runtime assurance.

A triangle with the words: adversarial resilience, deployed model, privacy assurance, and behavioural-policy enforcement.

Robust and Secure AI development

Research theme 3

Goal

Correctness and security of AI-generated code

Methodology

Developing novel methods and techniques necessary to assess, improve and verify the security of AI-assisted and AI-generated code.

Novelty

Enabling security as a prime objective when training code-generating AI models, providing semantics-aware mechanisms to support training and verification, and using white-hat AI agents to harden the output.

A pyramid with security-aware training for code generation.

Resilient Distributed and Agentic AI

Research theme 4

Goal

Trustworthy and secure distributed AI from data collection, training, models, to interactions with Agentic AI

Methodology

Verified protocols for AI workload distribution on trusted execution environments (TEEs), side-channel analysis and protection for AI code confidentiality, protected federated learning with robust homomorphic encryption (HE), and identification of potentially malicious agentic AI patterns together with countermeasures.

Novelty

New, formally proven AI workload distribution protocols and new countermeasures against attacks on workload code confidentiality. A new combination of distributed learning techniques with the paradigm of multi-party homomorphic encryption. Formal interaction protocol specifications for agentic AI from which execution guards can be derived.

A triangle with the words