ICLR 2026 Response to Security Incident

This post is an update on a major security incident in the ICLR 2026 peer review process and our response. A quick overview of timeline and activities related to the security incident is as follows: 

1. [11/27/2025 10:09 am EST] The ICLR team was notified of a bug in OpenReview allowing reviewer/author/AC information to be leaked. The ICLR Workflow Chair immediately notified OpenReview.
2. [11/27/2025 11:10 am EST] OpenReview fixed the bug.
3. [11/27/2025 12:09 pm EST] The ICLR team was notified of a dataset of 10,000 ICLR submissions and their details in circulation. ICLR immediately sent take-down requests to publicly hosted versions. All known publicly hosted ones were disabled by December 1.
4. [11/27/2025 1:00 pm EST] ICLR puts out a statement on X.
5. [11/27/2025 4:30 pm EST] ICLR freezes editing of review forms.
6. [11/27/2025 5:47 pm EST] OpenReview puts out a statement on X.
7. [11/28/2025 5:30 am EST] The ICLR team finds a malicious commenter posting public comments on 600 papers identifying the reviewers. Comments were deleted, and the commenter blocked by OpenReview. Public comments frozen.
8. [11/28/2025 10:00 am EST] The ICLR team sent out emails to all authors, reviewers and ACs informing them of the decision to revert reviews and reassign ACs. OpenReview begins reverting reviews.
9. [11/28/2025 9:30 pm EST] Reviews reverted.
10. [11/28/2025 11:00 pm EST] ACs reassigned.
11. [11/29/2025 12:28 pm EST ] The ICLR team puts out a statement on X about these actions.
12. [12/01/2025 10:08 pm EST] ICLR team sent out emails to ACs and SACs about the updated timeline, as well as to reviewers about support and resources in response to the breach. 

On Nov 27, ICLR was notified of an OpenReview API exploit capable of leaking the otherwise anonymous names of authors, reviewers, and area chairs associated with paper submissions, including those of ICLR. We are grateful to the OpenReview team for fixing the issue quickly. More information about this bug and its mitigation is available in OpenReview’s first statement about the incident and their initial analysis. 

Exploiting this bug, malicious actors scraped the author, reviewer and other details for over ten thousand ICLR papers (45% of the conference) and circulated this data on the internet. We were immediately made aware of potential attempts of collusion between authors and reviewers. Our investigations also revealed third parties (neither authors nor reviewers) harassing, intimidating and offering bribes to multiple reviewers. These actions posed a serious risk to the academic integrity of the conference. Furthermore, we received reports that the OpenReview bug may have been known and exploited as early as November 11, suggesting that this harassment and/or collusion could have occurred at any time during the discussion period.

Maintaining the academic integrity of the conference is a top priority; not addressing this issue would not only taint ICLR’s reputation, but also tarnish the reputation of papers published in this cycle. In addition, a lack of strong action would set a troubling precedent and encourage future hacking where malicious actors influence the reviewers and ACs. The simplest option would have been to restart the review process with new reviewers and ACs, but this would have resulted in an unreasonably large reviewing load and affect other conferences’ activities. After careful consideration, we instead took the following actions: we immediately froze the reviewer discussion (so that reviewers could no longer be influenced by malicious actors, authors or otherwise). We then reassigned each paper to a new AC (so that malicious actors would no longer know who to influence). To ensure that the extant reviews were not already tainted, we reverted the review text and scores to their state before the bug became known, namely, the beginning of the discussion period.

Moving forward, the new ACs have been tasked with looking at the original review, reading the author and reviewer comments and writing down the metareview. To aid ACs in borderline or challenging cases, we are grouping ACs into triplets and encouraging ACs to consult the triplet on challenging cases. We also are providing ACs with the option of requesting a reduced workload by recruiting emergency ACs. ACs have also been provided with a longer metareview period, ending January 6, and in spite of this significant disruption, we will still aim to release notifications before January 26.

Note that this process is not a major departure from the AC’s role in past years: The AC always has to base their meta-review on the reviews, the author response, the discussion, and their own assessment. More broadly: the reviewer scores are not the only metric, and it is not unusual for the ACs to handle submissions where one or more reviewers were not responsive in the discussion. 

In addition, we are taking action towards actors who caused this disruption and harassed or attempted to collude with authors/reviewers. The individual who widely shared the names of authors and reviewers has been identified and banned from OpenReview and ICLR. We are also desk rejecting papers of authors or reviewers who attempt to collude and pursuing further disciplinary action based on the severity. Members of our community who witness any kind of misconduct should continue to email us, and we will continue to take action. 

This was an unprecedented attack on the integrity of ICLR, and the AI academic community more broadly.  Given the ongoing potential for further harm by way of harassment, collusion, and doxing, decisive action was needed.  These actions were not taken lightly, and we understand that they caused significant disruption to authors and reviewers, especially those in the middle of productive discussions. We appreciate the patience and understanding of the community, as well as the constructive feedback.  We are actively sharing our findings with other AI conferences, and we hope the entire community emerges from this situation even stronger than before.

Warm thanks,

ICLR Program Chairs and ICLR General Chair