News & Updates

April 2026

Paper accepted: FLICS 2026 (Valencia)

“Client-Conditional Federated Learning via Local Training Data Statistics” accepted for presentation at the 2nd International Conference on Federated Learning and Intelligent Computing Systems, Valencia, June 9–12. The paper conditions a shared global model on locally computed PCA statistics of each client’s training data — handling diverse client distributions without extra communication or additional private information disclosure. Published in IEEE proceedings (Scopus / DBLP indexed). The extended version with full experimental appendices is on arXiv.
arXiv (extended) | poster

March 2026

New preprint: Exponential-Family Membership Inference

New paper on arXiv! Membership inference attacks (MIAs) are becoming standard tools for auditing AI privacy. This paper shows that three prominent methods — LiRA, RMIA, and BASE — are unified within an exponential-family framework, and introduces BaVarIA: a Bayesian approach using conjugate priors that improves performance across shadow-model budgets without extra hyperparameter tuning.
arXiv

February 2026

New preprint: Client-Conditional Federated Learning

New paper on arXiv! Federated learning struggles with data heterogeneity: existing methods either ignore client differences, require costly cluster discovery, or maintain per-client models. This paper proposes conditioning a shared global model on locally computed data statistics, handling diverse client distributions without extra communication cost or additional private information disclosure.
arXiv

December 2025

New preprint: Inhibitor Transformers and Gated RNNs for FHE

This paper presents neural network architectures co-designed for fully homomorphic encryption (FHE) — replacing softmax attention and smooth activations with ReLU and addition-based alternatives that are natively efficient on encrypted data, enabling end-to-end secure inference without sacrificing accuracy.
arXiv

November 2025

LeakPro Phase II granted

Vinnova has granted funding for LeakPro Phase II, expanding the open-source LeakPro framework from a privacy risk assessment tool into a practical framework for responsible AI. Phase II targets generative language models, privacy risk audit for regulatory compliance, and optimisation of privacy-enhancing technologies — helping organisations find the right balance between privacy and utility.
AI Sweden announcement | Vinnova project page | Poster

October 2025

LeakPro Phase I completed

The first phase of the LeakPro project has been completed. The project delivered mature implementations of membership inference and data reconstruction attacks against classifiers, inference attacks against synthetic data, and gradient inversion for federated learning. During the project, several regulatory developments reinforced the relevance of this work, including the EDPB opinion on traceability of training data in AI systems and a Swedish Data Protection Authority sandbox study on sensitive personal data.
LeakPro on GitHub | RISE

October 2025

SARDIN project completed

The SARDIN project (2023–2025), funded by Vinnova, has been completed. The project developed a decentralised platform that sends analysis code to distributed health data sources and returns only aggregated results, rather than centralising personal data. Combining federated analysis, secure aggregation via homomorphic encryption, and differential privacy, the platform includes governance mechanisms for data access approval and individual consent management. Regulatory and organisational questions were explored together with stakeholders through a series of workshops using a gamified methodology. The project demonstrates that decentralised processing is both technically feasible and legally relevant for implementing the European Health Data Space (EHDS) in Sweden.
arXiv | DiVA report

May 2025

Visit to Singapore — ICLR 2025 workshops

A week in Singapore for ICLR 2025 and meetings with researchers and policymakers on privacy-enhancing technologies (PETs) and trustworthy AI. Presented two workshop papers at ICLR, met with researchers at NUS on privacy auditing tools, discussed regulatory sandboxes for PETs with IMDA, and explored encrypted ML and post-quantum cryptography with HTX. The visit strengthened international collaborations around LeakPro and PETs research.
InhibiDistilbert (SLLM) | CondFL (MCDC)