Infosecurity Europe: OWASP Forms New Agentic Research Council


At Infosecurity Europe 2026, the Open Worldwide Application Security Project (OWASP) will formally unveil the Agentic Research Council, a coordinated research effort created to close the widening gap between fast‑moving agentic AI capabilities and the slower pace of conventional security research and standards.

The Agentic Research Council is being launched from within OWASP’s GenAI Security Project by its Agentic Security Initiative, the same community that produced the well‑adopted Top 10 guidance for LLM security.

It will be formally announced during Infosecurity Europe’s OWASP GenAI Summit, on Thursday, June 4.

Aligning Research with Industry Concerns About Agentic AI

Speaking to Infosecurity ahead of the event, John Sotiropoulos, co-lead and board member of OWASP’s GenAI Security Project and Agentic Security Initiative, framed the new council as the next step in a project whose core strength is combining broad community input with expert validation.

He described the Agentic Security Initiative as “expert backed, but community driven.”

The Council is intended to create a global collaboration between academia, industry, government and policy makers so research can be prioritized, aligned and converted into deployable mitigations more quickly than traditional standards cycles allow.

“Up to now, we, at the Agentic Security Initiative, have been focusing on cybersecurity practitioners, on CSOs, CISOs, developers. Now, we want to expand and encompass research and allow the two groups to inform each other,” Sotiropoulos said.

“This already happens today in an ad hoc fashion, but we want to make it more coordinated and direct.”

Sotiropoulos explained that the rationale for the Council springs directly from the pace and nature of agentic systems.

He warned that, because AI agents can act at machine speed, their use puts a lot of standard industry practice into question.

“This speed of change requires us to align a bit more,” he said.

He also argued that the collapse of time-to-impact – for instance, the shorter time needed to exploit a vulnerability when AI agents are used – means defenders must refocus from development‑centred governance toward runtime, agent‑level monitoring and controls that operate at the speed of the machine.

“Locally hosted agentic AI projects, like OpenClaw and now NanoClaw, have democratized AI agents because they have made the technology accessible to almost anyone. Now, the commoditization of agentic AI will likely come from foundation, frontier model makers. And it’s coming, and coming fast,” he said.

Additionally, even though Anthropic’s Mythos, with advanced capabilities, is only accessible to a select few via the Glasswing project, some models that have very similar capabilities, like OpenAI’s GPT5.5, are available to many more people.


The Role of OWASP’s Agentic Research Council

The Agentic Research Council will maintain a public pipeline of research topics, convene regular working groups and aim to connect academic work to operational realities.

For example, the Council will sponsor PhD work, align academic roadmaps with immediate practitioner needs and produce coordinated outputs that feed directly into guidance, tooling and standards.

Sotiropoulos made clear that the Council is not intended to supplant OWASP’s existing practitioner work; rather, it formalizes and scales the bridge between research and practice so emerging academic discoveries do not remain isolated or lag behind real‑world attacks.

“The key objective is bringing people with different backgrounds and missions together. We’ll agree on how we work and implement transparent charters to ensure everyone can participate,” he outlined.

“Once we have done this, we will have a page dedicated to the council on OWASP’s GenAI Security Project website.”

Multi-Agent Security: First Security Topic of Interest for the Council

OWASP’s Agentic Security Initiative has published a preprint paper on multi-agent security, which Sotiropoulos, one of the co-authors, described as an effort to expose and explain the composability risks that arise when agents interact.

The paper, titled “Open Challenges in Multi-Agent Security: Towards Secure Systems of Interacting AI Agents,” was published on the preprint platform arXiv on April 29.

It argues that analyzing agents in isolation is no longer sufficient because multiple agents can discover new tools, assemble dynamic toolchains and produce emergent behavior that creates attack surfaces unseen at design time.

Secure‑by‑design thinking, the paper says, needs to be complemented by runtime governance and observability focused on agent interactions and behavior.

Sotiropoulos said the unit of analysis must move from “building an agent or building a system to that runtime.”

In practice, this means incident response, red teaming and attribution models must change to account for machine‑speed attacks and multi‑agent swarms.

He warned that multi‑agent setups can break human‑in‑the‑loop assumptions – where you ensure any action taken by AI systems (e.g. chatbots, assistants, agents…) is validated by a human.

He argued that defenders should instead be planning for human‑on‑the‑loop – emphasizing human oversight rather than action-specific validation – and agent‑level policy monitors rather than slower, human‑centric review cycles.

“If you think of the defense sector, I think agentic AI does to cybersecurity what drones did to kinetic warfare. We all used to think super expensive, complicated equipment was needed to fight a war, and then cheap drones came and commoditized the field,” he explained.

He likened agent swarms to drone swarms, “where many little assets act together so fast that it requires you a million responses at a time, which is impossible for a human.”

Forthcoming Paper on Agentic AI Governance

Complementing the research council and the multi‑agent paper, OWASP will release another paper, titled “The State of Agentic AI and Governance,” on June 1.

This forthcoming paper offers an end‑to‑end synthesis of adoption patterns, governance models and regulatory touchpoints, and it includes a practical maturity and risk‑tiering scheme.

According to Sotiropoulos, this governance paper is designed to be highly actionable: it maps which Top 10 controls apply to different risk tiers, from lightweight AI copilots to manufacturing systems using complex multi‑component platforms.

It also provides guidance on operationalizing those controls into runtime behavior monitoring, incident response and compliance workflows.

Sotiropoulos emphasized that the included governance recommendations are not merely theoretical but intended to help “people on the ground” (cyber defenders, product teams and security leaders) implement controls today rather than wait for standards bodies.


He underscored the project’s hybrid approach, pairing nimble, peer‑reviewed community guidance with efforts to map and collaborate with formal standards and governmental workstreams so that practical solutions scale and interoperate.

The timing of the two publications and the Agentic Research Council launch is purposeful.

Sotiropoulos framed the effort as a response to what he called a potential “perfect tsunami” of rapid capability growth, commoditization and multi‑agent dynamics.

He argued that the only realistic way to democratize the response to that change is to engage broad communities and coordinate research and practice closely.

The OWASP GenAI Summit will be held at Infosecurity Europe on Thursday, June 4, from 10.00 to 15.00 (South Gallery Room 18 & 19). The Agentic Research Council will be formally announced at 10.30, during the session titled “Beyond The Top 10: The Next Chapter of the Agentic Security Initiative.”
