Governance – Vulnerability Studies Programme (VSP)
Policy and standards, built on ground truth
For over twenty years, Pwnshow's principal has served the European institutions — providing strategic policy advice, scientific evaluation, and ethics appraisal to the European Commission's Directorates-General, the Joint Research Centre, and the Agencies of the European Union, across Horizon Europe, Digital Europe, and other framework programmes.
Sample of past engagements
- Technology foresight on advanced digital security and cybersecurity technologies for the 2028–2040 horizon, informing FP10 and the next MFF.
- Expert consultation to the EU AI Office on the EU AI Act and the GPAI Code of Practice.
- Standardisation work in ETSI TC SAI (Securing AI).
- The review of the Digital Decade Policy Programme.
- Technology foresight on offensive cyber for the Royal Holloway, University of London.
What we offer
Adversarial evaluation
Red-teaming and systemic-risk assessment of AI systems and security architectures, performed by people who have built and broken both.
Regulatory translation
Converting technical realities into implementable provisions; our contribution to the GPAI Code of Practice's substantial-modification clause is the working example.
Foresight & horizon-scanning
Market-grounded anticipation of emerging threats, in the lineage of our prediction-market research.
Experiential evidence
Briefings in which decision-makers experience the risk, not merely read about it. Understanding a mitigation gap is different when you have watched it being exploited.
Ethics & norms
Codes of conduct and ethical frameworks for capability acquisition — from the 2015 vulnerability-acquisition code to emerging frameworks for AI capability governance.
We accept engagements under our published independence rules.
Ethics & Independence