About the Workshop
Generative Artificial Intelligence (GenAI) systems are increasingly deployed in high-impact domains, raising critical concerns about the protection of training data, deployed models, and generated outputs. These systems face a growing range of security and privacy risks, including data leakage, membership and attribute inference, model extraction, prompt injection, poisoning attacks, and misuse of generated content.
Addressing these challenges requires not only robust technical defenses, but also thoughtful alignment with emerging governance, regulatory, and policy frameworks.
The Data and Model Protection in Generative AI (DMP) workshop at AI/CRV 2026 brings together researchers, practitioners, and policymakers to examine the evolving threat landscape affecting GenAI systems and to discuss effective mitigation strategies.
Call for Papers
We invite submissions to the Data and Model Protection in Generative AI workshop at AI/CRV 2026. This workshop aims to bring together researchers, practitioners, and policymakers to examine the evolving threat landscape affecting GenAI systems and to discuss effective mitigation strategies.
Topics include, but are not limited to, the following:
- Data poisoning, backdoor attacks, and defenses in machine learning
- Privacy risks and training data leakage in generative models
- Dataset provenance, attribution, and governance
- Model extraction, model stealing, and intellectual property protection
- Model watermarking, fingerprinting, and ownership verification
- Security risks in generative AI (e.g., prompt injection, jailbreak attacks)
- Robust and secure machine learning pipelines
- Governance, auditing, and responsible deployment of AI systems
Submission Guidelines
Submissions may report new research results, empirical analyses, system implementations, benchmarks, negative results, or visionary perspectives (e.g., positions). We also welcome submissions of recently published work — authors may submit papers published at or accepted to a venue in 2025 or 2026 for presentation at the workshop.
- Long track: up to 9 pages (excluding references)
- Short track: up to 4 pages (excluding references)
- Formatting: use the official Canadian AI 2026 style files and submit a single PDF. New submissions should be anonymized; published papers may be submitted in their published form.
- Appendix: include any supplementary material in the same PDF — no page limit for the appendix.
Review Process
Important Dates
| April 21, 2026 | Submission deadline (AoE) |
| April 23, 2026 | Notification of decisions (AoE) |
| May 25, 2026 | Workshop day — co-located with AI/CRV 2026 |
Confirmed Speakers
Jekaterina Novikova is a Principal AI Scientist at Vanguard, specializing in computational models of natural language processing. Her work spans AI-powered natural language generation, machine learning for detecting cognitive impairment and mental health issues, and advancing human-robot interaction. She holds a PhD in Computer Science from the University of Bath and brings over a decade of experience in AI research across industry, academia, and non-profit organizations. She has contributed to major open-source AI projects including BLOOM LLM and BIG-Bench, and has been recognized as one of the Top 50 Most Extraordinary Women Advancing AI (2024) and Top 25 Women in AI in Canada (2022).
To be announced.
Yangyi Liu is a Senior AI/ML Scientist at Vanguard, specializing in pattern recognition, knowledge extraction, and structured representation learning from domain-specific data. His research focuses on applying ML/AI models and techniques to convert unstructured data into structured representations for training, aligning, and improving AI models. His expertise encompasses trustworthy and explainable AI, structured knowledge representation, information theory, and LLMs. He completed his PhD at McMaster University. His work now focuses on bridging fundamental research and applied solutions, creating solutions that address practical challenges and advance transparency and reliability in AI.
To be announced.
Sirisha Rambhatla, Ph.D., holds the Val O'Donovan Chair in Efficient, Safe, and Adaptive AI in the Faculty of Engineering and is an Assistant Professor in the Management Science and Engineering Department at the University of Waterloo, with cross-appointments in Systems Design Engineering and the David R. Cheriton School of Computer Science. Her research centers on the belief that machine learning systems deployed in high-stakes environments must be efficient enough to be practical, adaptive enough to be useful, and safe enough to be trusted. As Director of the Critical Machine Learning Lab, she develops models that meet all three demands, with applications spanning healthcare, manufacturing, and aviation. Her work has garnered over 50 publications and wide media coverage, and has been recognized with the 2025 Engineering Research Excellence Award and the 2025 Outstanding Performance Award from the University of Waterloo, and the 2021 Merit Award for Excellence in Postdoctoral Research from the University of Southern California. She earned her Ph.D. and M.S. in Electrical Engineering from the University of Minnesota, Twin Cities.
Adapting large language models (LLMs) to new tasks and deployment contexts is central to how AI systems are built and used, yet adaptation needs to be understood from two critical angles: efficiency and safety. In this talk, I examine both. First, I present SubTrack++, a training algorithm that leverages subspace tracking, a projection-aware optimizer, and rescaling normalization to simultaneously achieve state-of-the-art performance on memory, wall-time, and loss. Second, I show that adaptation is not just a resource problem but a safety one: even routine, well-intentioned fine-tuning has been shown to silently erode safety guardrails, yet no systematic characterization of this risk existed across models. To this end, I introduce TamperBench, the first benchmark of safety robustness under fine-tuning across 21 open-weight LLMs, revealing surprising disparities in how different models respond to tampering. As LLMs are adapted at ever-increasing scale, we need to treat efficiency and safety not as separate tracks, but as joint design criteria for the next generation of solutions.
Reza Samavi is an Associate Professor in the Department of Electrical, Computer, and Biomedical Engineering at Toronto Metropolitan University and a faculty affiliate with the Vector Institute for Artificial Intelligence. He received his PhD from the University of Toronto. His research interests include Data Security & Privacy, Safety & Security of Machine Learning models, and Trustworthy AI. He has received research funding from NSERC, SOSCIP, MITACS, HHS, and IDEaS, and has been recognized with the Privacy Technologies Research Award from IBM and the Privacy By Design Research Award from the Information and Privacy Commissioner of Ontario.
To be announced.
Mathias Lécuyer is an Assistant Professor at the University of British Columbia, where he is part of the ML, Systems, and Security & Privacy groups, as well as CAIDA and TrustML. He is also Head of Research at Wiremind. Prior to joining UBC, he was a postdoctoral researcher at Microsoft Research New York and completed his PhD at Columbia University. His research focuses on trustworthy AI, with an emphasis on enforcing provable guarantees in models and their data ecosystems, spanning privacy, adversarial robustness, explainability, and causal machine learning. His foundational work on Randomized Smoothing — the only technique to provably ensure robustness that scales to large AI models — has garnered over a thousand citations.
To be announced.
Linyi Li is an Assistant Professor in the School of Computing Science at Simon Fraser University, where he directs the TAI Lab. His research focuses on trustworthy deep learning, with an emphasis on certifiably trustworthy deep learning and trustworthy foundation models, spanning machine learning and computer security. He works on enabling certifiable and verifiable trustworthiness guarantees (such as robustness, fairness, and numerical reliability) for large-scale deep learning systems, and on scientifically evaluating foundation models. He has published over 30 papers at top venues including ICML, NeurIPS, ICLR, IEEE S&P, and ACM CCS, and has received the Rising Stars in Data Science award, the AdvML Rising Star Award, and the Wing Kai Cheng Fellowship. He received his PhD in Computer Science from the University of Illinois Urbana-Champaign.
Large Language Models (LLMs) are fundamentally reshaping the software development landscape, necessitating rigorous new standards for evaluation. In this talk, I introduce three representative benchmarks that capture the progression of code intelligence: InfiBench (NeurIPS 2024), RV-Bench (AAAI 2026), and AppForge (ICLR 2026). I will detail how these frameworks target distinct capabilities: InfiBench utilizes expert-curated Q&A to assess core software development proficiency; RV-Bench challenges mathematical reasoning and robustness through randomly injected variables in logic puzzles; and AppForge provides a complex, interactive environment for evaluating end-to-end Android application development. Developed between 2023 and 2025, these co-evolving benchmarks do not merely track progress but actively define it — balancing user-centric alignment with rigorous scientific principles. Finally, I will discuss the lessons learned through building these benchmarks, how these benchmarks have provided critical insights to guide the training of frontier models, and conclude by envisioning the future of benchmark research.
Joanna Redden is an Associate Professor at the Faculty of Information & Media Studies (FIMS) at Western University and co-director of the Starling Centre and the UK-based Data Justice Lab. Her research focuses on datafication, politics, governance, and social justice. She is currently working on projects that map and analyze the social and political implications of increasing government uses of AI and automated data systems, learn from data harms and those working to redress them, and advance civic participation in datafied societies. She is co-author of Understanding Media: Communication, Power and Social Change (Penguin, 2024) and Data Justice (Sage, 2022), and author of The Mediation of Poverty (Lexington, 2014). Prior to joining Western, she was a Senior Lecturer at Cardiff University and an Assistant Professor at the University of Calgary. She holds a PhD from Goldsmiths University of London.
To be announced.
Sébastien Gambs has held the Canada Research Chair in Privacy and Ethical Analysis of Massive Data since December 2017 and has been a professor in the Department of Computer Science at the Université du Québec à Montréal since January 2016. His main research theme is privacy in the digital world. He is also interested in solving long-term scientific questions such as the existing tensions between massive data analysis and privacy, as well as ethical issues including fairness, transparency, and algorithmic accountability raised by personalized systems.
Fairwashing refers to the risk that an unfair black-box model can be explained by a fairer model through post-hoc explanation manipulation. In this talk, I will first discuss how fairwashing attacks can transfer across black-box models, meaning that other black-box models can perform fairwashing without explicitly using their predictions. This generalization and transferability of fairwashing attacks imply that their detection will be difficult in practice. Finally, I will nonetheless review some possible avenues of research on how to limit the potential for fairwashing.
Elliot Creager is an Assistant Professor in the Department of Electrical and Computer Engineering at the University of Waterloo, where he directs the Socially Embedded Machine Intelligence (SEMI) lab. His research focuses on building reliable and equitable AI systems that promote user data autonomy. He is a Faculty Affiliate at the Vector Institute for Artificial Intelligence and the Schwartz Reisman Institute for Technology and Society.
The integration of AI into daily life has generated considerable attention and excitement, while also raising concerns about automating algorithmic harms and re-entrenching existing social inequities. While the responsible deployment of trustworthy AI systems is a worthy goal, there are many possible ways to realize it, from policy and regulation to improved algorithm design and evaluation. In fact, since AI trains on social data, there is even a possibility for everyday users, citizens, or workers to directly steer its behavior through Algorithmic Collective Action, by deliberately modifying the data they share with a platform to drive its learning process in their favor. I will discuss a few recent and ongoing projects from my lab that explore this theme.
Organizers
For enquiries, please contact the organizers via the official workshop page.