Vivi Andersson

Publications

PoCo: Agentic Proof-of-Concept Exploit Generation for Smart ContractsVivi Andersson*, Sofia Bobadilla*, Harald Hobbelhagen, et al. · PaperAccepted for the ACM TOSEM Special Issue on Agentic AI in Software, 2026

Evaluating Cryptographic API Misuse Detectors for GoVivi Andersson and Martin Monperrus · PaperProceedings of the 4th International Workshop on Software Vulnerability Management (SVM '26), 2026

GoSurf: Identifying Software Supply Chain Attack Vectors in GoCarmine Cesarano, Vivi Andersson, Roberto Natella, et al. · PaperProceedings of the 2024 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, pp. 33-42, 2024

Geth Rebuild: Verifiable Builds for Go EthereumVivi Andersson · Supervised by Javier Ron · PaperMSc Thesis, KTH Royal Institute of Technology, 2024

AI Agents Decline Free Beer🍺 but Have a Big Heart❤️Carmine Cesarano, Vivi Andersson, Julien Malka, et al. · PaperSIGBOVIK: A Record of the Proceedings of SIGBOVIK 2026, 2026

UPPERCASE IS ALL YOU NEEDVivi Andersson, Benoit Baudry, Sofia Bobadilla, et al. · PaperSIGBOVIK: A Record of the Proceedings of SIGBOVIK 2025, pp. 24-35, 2025

Talks

Dagstuhl Seminar 26192. Evaluating Logical Correctness in Agentic PoC Exploit Generation Dagstuhl, Germany, 6 May 2026 · Seminar · Slides
A Dagstuhl talk focused on how we evaluated PoCo's logical correctness, including the methodology and criteria used to assess whether generated proof-of-concept exploits matched the intended vulnerability behavior.

SVM 2026. Evaluating Cryptographic API Misuse Detectors for Go Rio de Janeiro, Brazil, 18 April 2026 · Slides
The first systematic study of cryptographic API misuse detection in Go, comparing four tools across 328 security-critical open-source projects. Presented at SVM 2026, co-located with ICSE.

Huawei Future Technology Device Summit. Agentic PoC Exploit Generation for Smart Contracts Helsinki, Finland, March 2026 · Slides
Presenting PoCo's evaluation results on 23 real-world vulnerabilities to an industry audience, with discussion on scaling agentic exploit generation beyond smart contracts.

SEC-T 2025. Machine Learning for Offensive Cybersecurity Munchenbryggeriet, Stockholm, September 2025 · Slides · Watch
How to weaponize AI and LLMs in real-world offensive security workflows, from adversarial use and agentic techniques to automated exploit generation for blockchain smart contracts (co-speaker: Sofia Bobadilla).

See all talks

Teaching

EP120U Computer Systems Teaching Assistant. Responsible for teaching modules on operating systems, high-level languages, virtual machines, and assembly.

MSc Theses Supervision Supervisor. Topics on machine learning for vulnerability detection, open source software analysis, and software supply chain security.

Finished supervised theses: Ouday Ahmed, An Empirical Study of Code Pre-trained Model Embeddings for Software Vulnerability Detection Feb 2026.