ICLR 2026 Response to Security Incident

· Source: ICLR Blog · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Fundamental Awareness, short

Summary

The ICLR 2026 peer review process experienced a significant security incident starting November 27, 2025, when a bug in OpenReview's API was exploited to leak author, reviewer, and area chair identities for over 10,000 ICLR submissions, representing 45% of the conference. Malicious actors circulated this data, leading to attempts at collusion, harassment, intimidation, and bribery targeting reviewers. The ICLR team, in collaboration with OpenReview, responded by fixing the bug, freezing review form editing and public comments, reverting reviews to their pre-discussion state, and reassigning all Area Chairs (ACs). New ACs are tasked with writing metareviews based on original reviews and discussions, supported by AC triplets for challenging cases and extended deadlines until January 6, with notification aims by January 26. The individual responsible for widely sharing the leaked data has been identified and banned, and papers involved in collusion attempts face desk rejection.

Key takeaway

For AI scientists and program chairs managing peer review systems, this incident highlights the critical need for stringent platform security and a well-defined incident response plan. Your systems must be resilient against identity leaks and prepared for rapid, decisive action like review freezes and reassignments to maintain academic integrity. Proactively sharing findings with other conferences can strengthen community-wide defenses against similar attacks.

Key insights

An OpenReview API exploit led to a major ICLR security breach, compromising anonymity and academic integrity.

Principles

Method

The ICLR response involved freezing discussions, reassigning ACs, reverting reviews to a pre-breach state, and implementing AC triplets for support, aiming to preserve academic integrity while minimizing disruption.

In practice

Topics

Best for: AI Scientist, CTO, VP of Engineering/Data, AI Researcher, Research Scientist, AI Ethicist

Related on AIssential

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by ICLR Blog.