Governance – Vulnerability Studies Programme (VSP)

Policy and standards, built on ground truth

For over twenty years, Pwnshow's principal has served the European institutions — providing strategic policy advice, scientific evaluation, and ethics appraisal to the European Commission's Directorates-General, the Joint Research Centre, and the Agencies of the European Union, across Horizon Europe, Digital Europe, and other framework programmes.

Sample of past engagements

  • Technology foresight on advanced digital security and cybersecurity technologies for the 2028–2040 horizon, informing FP10 and the next MFF.
  • Expert consultation to the EU AI Office on the EU AI Act and the GPAI Code of Practice.
  • Standardisation work in ETSI TC SAI (Securing AI).
  • The review of the Digital Decade Policy Programme.
  • Technology foresight on offensive cyber for the Royal Holloway, University of London.

What we offer

Adversarial evaluation

Red-teaming and systemic-risk assessment of AI systems and security architectures, performed by people who have built and broken both.

Regulatory translation

Converting technical realities into implementable provisions; our contribution to the GPAI Code of Practice's substantial-modification clause is the working example.

Foresight & horizon-scanning

Market-grounded anticipation of emerging threats, in the lineage of our prediction-market research.

Experiential evidence

Briefings in which decision-makers experience the risk, not merely read about it. Understanding a mitigation gap is different when you have watched it being exploited.

Ethics & norms

Codes of conduct and ethical frameworks for capability acquisition — from the 2015 vulnerability-acquisition code to emerging frameworks for AI capability governance.

We accept engagements under our published independence rules.

Ethics & Independence

Let's outplay.

Pwnshow (formerly secYOUre) · Rome, Italy · Investigating vulnerability since 2010. © 2026 Pwnshow