Infosecurity Europe: OWASP Establishes New Agentic Research Council

At the upcoming Infosecurity Europe 2026 event, the Open Worldwide Application Security Project (OWASP) is set to introduce the Agentic Research Council. This initiative aims to address the growing gap between rapidly evolving agentic AI technologies and the slower pace at which traditional security research and standards evolve. Through the establishment of this council, OWASP’s GenAI Security Project seeks to facilitate a coordinated research effort that enhances the integration of advanced AI capabilities into cybersecurity practices.

The Agentic Research Council arises from OWASP’s Agentic Security Initiative, a community-driven effort that previously produced the well-received guidance titled "Top 10 Guidance for LLM Security," which has become a cornerstone resource in the field of AI security. The official announcement of the Agentic Research Council will take place during the OWASP GenAI Summit, scheduled for Thursday, June 4, as part of the larger Infosecurity Europe event.

Aligning Research with Industry Concerns About Agentic AI

In an interview with Infosecurity, John Sotiropoulos, co-lead and board member of OWASP’s GenAI Security Project and the Agentic Security Initiative, positioned the Agentic Research Council as a logical advancement for a project dedicated to merging community insights with expert validation. This research-oriented council is specifically designed to foster collaboration among academia, industry stakeholders, government bodies, and policymakers. The objective is to ensure that research priorities are aligned with industry needs and that actionable mitigations can be quickly developed and deployed—far more quickly than conventional standards cycles typically allow.

“The Agentic Security Initiative has primarily targeted cybersecurity practitioners, such as Chief Security Officers (CSOs), Chief Information Security Officers (CISOs), and developers. However, our scope now extends to the broader research community, aiming to establish a mutually beneficial exchange of insights,” Sotiropoulos remarked. He emphasized that while informal interactions between these groups occur, there is a pressing need for a more structured approach to ensure effective communication and collaboration.

Sotiropoulos highlighted the urgency for this initiative, pointing out the unique challenges posed by the rapid advancement of agentic AI systems. These AI agents operate at exceptional speeds, creating a dilemma for conventional industry practices. The swift progress within this domain necessitates an enhanced alignment of cybersecurity efforts.

“The decline in time-to-impact—referring to the reduced time frame available to exploit vulnerabilities due to AI-driven agents—compels cybersecurity professionals to shift focus from traditional development-centered governance approaches to runtime operations. This includes monitoring and controls that are responsive at machine speed,” he warned.

As Sotiropoulos noted, local AI deployments exemplified by projects like OpenClaw and NanoClaw have democratized access to AI, making sophisticated technologies available to a broader audience. He anticipates that the commoditization of agentic AI will be driven by advanced foundation model developers, which underscores the urgency of these developments.

The Role of OWASP’s Agentic Research Council

The Agentic Research Council will maintain a publicly accessible pipeline of research topics, host regular working groups, and facilitate connections between academic research and operational realities. This initiative will take the form of funding for doctoral research, aligning academic focus with the immediate needs of practitioners, thereby creating streamlined outputs that can swiftly inform guidance, tools, and standards.

Importantly, Sotiropoulos clarified that the Council is not intended to replace existing OWASP efforts but rather to formalize the interplay between academic research and practical applications. The goal is to ensure that valuable academic insights do not become isolated from real-world cybersecurity challenges.

The heart of the initiative lies in uniting diverse backgrounds and missions within cybersecurity. “We will establish transparent charters to ensure inclusive participation,” Sotiropoulos explained, adding that a dedicated webpage for the council will be launched on the OWASP GenAI Security Project website.

Multi-Agent Security: First Security Topic of Interest for the Council

OWASP’s Agentic Security Initiative recently published a preprint paper focused on multi-agent security, which Sotiropoulos co-authored. The paper, titled "Open Challenges in Multi-Agent Security: Towards Secure Systems of Interacting AI Agents," was released on arXiv and analyzes the risks associated with interactions among multiple agents. It advocates for a paradigm shift in how agents are evaluated, emphasizing that isolated analyses are no longer effective. The paper highlights the emergent behaviors that can arise from agential interactions, leading to new attack vectors that were not anticipated during the design phase of these systems.

The authors argue that secure design principles must be complemented with robust runtime governance and observability specifically tailored to agent interactions.

Sotiropoulos noted that cybersecurity defenders must adapt their strategies to account for machine-speed interactions and the dynamics of multi-agent systems. He advised that organizations should pivot from a “human-in-the-loop” framework—where all AI actions require human validation—to a “human-on-the-loop” approach, which prioritizes human oversight alongside immediate monitoring and control mechanisms.

In drawing parallels with military advancements, he likened the impact of agentic AI on cybersecurity to the transformative effect of drones in modern warfare. Much like drones have revolutionized combat dynamics, he suggested that agentic AI will fundamentally reshape approaches to cybersecurity, demanding rapid and multifaceted responses to machine-speed attacks.

Forthcoming Paper on Agentic AI Governance

Complementing the establishment of the council and the paper on multi-agent security is another forthcoming OWASP publication titled "The State of Agentic AI and Governance," set to be released on June 1. This paper will compile comprehensive insights on adoption patterns, governance frameworks, and regulatory considerations affecting agentic AI, offering a risk-tiering scheme that can guide practitioners in operationalizing controls.

Sotiropoulos indicated that this governance paper will provide actionable steps for cybersecurity professionals, linking key controls to various risk tiers and enabling the integration of these controls into incident response, compliance workflows, and overall operational behavior.

Sotiropoulos emphasized the hybrid nature of the initiative, aiming to marry community-led guidance with formal standards development. The tightly coordinated timing of the council’s launch and the publication of these papers is a strategic response to what he perceives as a potential "perfect tsunami" of rapid advances in AI technology, necessitating a democratized and collaborative approach to cybersecurity.

The OWASP GenAI Summit, where the Agentic Research Council will be officially announced, will occur on June 4 from 10:00 to 15:00 in the South Gallery Room 18 & 19 at Infosecurity Europe.
