Workshop on Security, Privacy, and
Safety of Agentic AI Systems
(AGENT-SEC 2026)
In conjunction with ACM CCS 2026
In conjunction with ACM CCS 2026
Objectives
The workshop seeks contributions that move beyond model-level analysis to address system-level risks introduced by agents operating in dynamic, real-world environments. We invite submissions on all aspects of security, privacy, and safety of agentic AI systems.
Topics include, but are not limited to:
Threat Models and Attacks in Agentic AI
Prompt injection attacks against tool-using and agentic LLMs
Goal hijacking, task derailment, and adversarial instruction following
Context and memory poisoning in long-horizon agents
Attacks on agent-to-agent communication protocols (e.g., MCP, A2A)
Jailbreaking and policy bypass in deployed agentic pipelines
Privacy in Agentic and Multi-Agent Systems
Data leakage via tool calls, external APIs, and retrieval-augmented generation (RAG)
Privacy risks of persistent agent memory and cross-session data retention
Inference attacks exploiting agent behavior and tool-use patterns
Privacy-preserving techniques for agentic workflows (e.g., differential privacy, secure computation)
Anonymization and data minimization in agentic pipelines
Safety, Alignment, and Robustness
Safety constraints and alignment for autonomous agents
Emergent unsafe behaviors in multi-agent systems
Robustness of agent decision-making under adversarial conditions
Formal verification and specification of agent safety properties
Human-in-the-loop mechanisms for agent oversight
Secure Distributed and Federated Agentic AI
Security and privacy in federated LLM fine-tuning and inference
Decentralized multi-agent architectures and trust management
Byzantine-resilient multi-agent coordination
Secure split inference and privacy-preserving agent deployment
Cross-organizational agent collaboration and access control
Governance, Accountability, and Responsible Deployment
Audit trails, logging, and forensics for autonomous agent actions
Interpretability and explainability of agent decisions
Regulatory compliance and legal liability for agentic AI
Ethics and fairness in automated decision-making pipelines
Threat modeling frameworks for agentic systems
Applications and Case Studies
Security of agentic coding assistants and software development pipelines
Agentic AI in high-stakes domains: healthcare, finance, critical infrastructure
Security of agentic AI in IoT, edge, and cyber-physical systems
Red-teaming methodologies and evaluation benchmarks for agentic AI
Evaluation, Benchmarking, and Assurance
Security and privacy benchmarks for agentic systems
Red teaming methodologies for agents
Risk assessment frameworks and metrics
Auding and certification for agentic systems
We welcome original contributions that have not been published and are not currently under consideration by any other conference or journal. Submissions should be formatted according to the ACM SIGS format and should not exceed 12 pages, including references and appendices. All other formatting must follow the CCS2026 guidelines at https://www.sigsac.org/ccs/CCS2026/call-for/call-for-papers.html.
Important: The review process is double-blind, so papers should not include any identifying information, such as author names, affiliations, or acknowledgments.
Ethical Declaration and Consideration
All submitted papers must include a mandatory section addressing Ethical Declaration and Consideration. This section should outline how ethical guidelines have been followed, particularly in relation to the use of LLMs and NLP. Authors must explicitly discuss any ethical concerns, including data privacy, bias mitigation, and the involvement of human subjects or domain experts in their research. Papers without this section will not be considered for review.
Important Dates
Submission Deadline: July 15, 2026
Notification of Acceptance: August 8, 2026
Camera-Ready Deadline: September 17, 2026
Workshop Date: November 15, 2026.
Mario Fritz is a faculty member at the CISPA Helmholtz Center for Information Security, an honorary professor at Saarland University, and a fellow of the European Laboratory for Learning and Intelligent Systems (ELLIS). Until 2018, he led a research group at the Max Planck Institute for Computer Science. Previously, he was a PostDoc at the International Computer Science Institute (ICSI) and UC Berkeley after receiving his PhD from TU Darmstadt and studying computer science at FAU Erlangen-Nuremberg. He is currently coordinating and leading the EU-funded network of excellence "ELSA - European Lighthouse on Secure and Safe AI", among other projects. His research focuses on trustworthy artificial intelligence, especially at the intersection of information security and machine learning.
Eugene Bagdasarian is an Assistant Professor of Computer Science at UMass Amherst’s Manning College of Information and Computer Sciences (CICS). He co-leads the AI Security Lab at UMass with Amir Houmansadr and the AI Safety Initiative with Shlomo Zilberstein. He is also a part-time Senior Research Scientist at Google, where he works on agentic privacy and security.
His group studies security and privacy attack vectors in AI systems deployed in real-world settings. His research has been recognised with the Apple Scholars in AI/ML Fellowship and the USENIX Security Distinguished Paper Award in 2024. His group is supported by a Schmidt Sciences Trustworthy AI Grant.
He completed his PhD at Cornell Tech, advised by Vitaly Shmatikov and Deborah Estrin. Before graduate school, he earned an engineering degree from Bauman Moscow State Technical University and worked as a software engineer at Cisco.