The method

Adversarial Creativity

Our method has a name: adversarial creativity — a translational adversarial inquiry in four movements, where the disciplined use of the attacker's mindset is both an investigative technique and an expressive medium.

Every Pwnshow investigation follows the same arc:

1

Conceive the process.

We design a novel adversarial process — an attack, an instrument, a market mechanism, an imaging technique — drawn from three decades of security engineering practice.

2

Match it to a researched subject.

The process is assessed for what it can reveal, then matched to a subject-matter we have researched in depth: a trust architecture, a regulatory gap, a social condition.

3

Execute to the standard of evidence.

Findings are produced to survive scrutiny — peer review where the claim is scientific, regulatory consultation where it is normative, exhibition where it is experiential.

4

Translate across registers.

Each investigation is rendered in the languages of its audiences: a paper, a standards contribution, a briefing, an image, an instrument. Translation is not an afterthought.

The result: knowledge meets conjecture, observation meets imagination, aisthesis meets poiesis.

Worked example — The Open-Weight Dilemma (INV-007)

A single Pwnshow investigation into the cyber risks of open-weight large language models produced: a research paper (arXiv:2505.17109), cited by the U.S. National Academies, Oxford Martin School AIGI, and UC Berkeley CLTC, among others; a policy article identifying the gaps in the EU AI Act and the draft GPAI Code of Practice; expert consultation to the EU AI Office that contributed to the substantial modification clause in the GPAI Code of Practice — protecting open-model providers from undue liability while making downstream actors responsible for their modifications; a talk at the ETSI Security Conference 2025 that led to an invitation to join ETSI TC SAI (Securing AI); a FOSDEM address carrying the findings to the open-source community; a talk to the European Pirate Party’s Think Twice conference on the governance of open-weight AI capabilities. One investigation; multiple registers; one demonstrable change in how Europe governs AI.

Let's outplay.

Pwnshow (formerly secYOUre) · Rome, Italy · Investigating vulnerability since 2010. © 2026 Pwnshow