"Expert backed, but community driven," said John Sotiropoulos, summing up OWASP’s new Agentic Research Council ahead of its formal unveiling at Infosecurity Europe.
John Sotiropoulos frames the council’s purpose
John Sotiropoulos, co-lead and board member of OWASP’s GenAI Security Project and Agentic Security Initiative, told Infosecurity the new council is intended to close "the widening gap between fast‑moving agentic AI capabilities and the slower pace of conventional security research and standards." He described the Agentic Security Initiative as having focused to date on "cybersecurity practitioners, on CSOs, CISOs, developers," and said the council will expand that remit to bring research and practice into closer alignment.
The Agentic Research Council: structure and declared outputs
Launched from within OWASP’s GenAI Security Project by its Agentic Security Initiative, the Agentic Research Council will publish a public pipeline of research topics, convene regular working groups and aim to connect academic work to operational realities. Sotiropoulos said the council will sponsor PhD work, align academic roadmaps with immediate practitioner needs, and produce coordinated outputs that feed directly into guidance, tooling and standards. He emphasized the council is not meant to supplant OWASP’s existing practitioner work but to formalize and scale the bridge between research and practice.
Multi-agent security set as the first research priority
The council’s opening research topic will be multi-agent security. OWASP’s Agentic Security Initiative published a preprint on this subject on arXiv on April 29, titled "Open Challenges in Multi-Agent Security: Towards Secure Systems of Interacting AI Agents." The paper argues that analyzing agents in isolation is insufficient because interacting agents can discover new tools, assemble dynamic toolchains and produce emergent behaviors that create attack surfaces unseen at design time. It recommends complementing secure‑by‑design thinking with runtime governance and observability focused on agent interactions and behavior.
"Runtime" as the new unit of analysis
Sotiropoulos called for a shift in defensive focus from development‑centred governance toward runtime, agent‑level monitoring and controls that operate "at the speed of the machine." He warned that agentic systems can collapse time‑to‑impact — for example, by enabling machine‑speed exploitation of vulnerabilities — and that incident response, red teaming and attribution models must change to account for machine‑speed attacks and multi‑agent swarms. He urged defenders to plan for human‑on‑the‑loop oversight and agent‑level policy monitors rather than slower, human‑centric review cycles.
How cybersecurity practitioners, academics, and policymakers will be affected
- Cybersecurity practitioners and product teams: The council intends to convert research into deployable mitigations and operational guidance tied to runtime monitoring, incident response and compliance workflows. Sotiropoulos said the governance recommendations are designed to help "people on the ground" implement controls today rather than waiting for standards bodies.
- Academic researchers and PhD students: The council will sponsor PhD work and align academic roadmaps with practitioner needs, creating an explicit pipeline from academic discovery to operational tooling and standards.
- Policymakers and standards bodies: OWASP intends a hybrid approach — rapid, peer‑reviewed community guidance paired with mapping and collaboration to formal standards and governmental workstreams so practical solutions scale and interoperate.
Timing, context and next steps at Infosecurity Europe
The Agentic Research Council will be formally announced at Infosecurity Europe’s OWASP GenAI Summit on Thursday, June 4, during the session titled "Beyond The Top 10: The Next Chapter of the Agentic Security Initiative" at 10.30 in South Gallery Room 18 & 19. OWASP plans to publish a dedicated council page on its GenAI Security Project website and will also release a complementary governance paper, "The State of Agentic AI and Governance," on June 1. That governance paper maps Top 10 controls to risk tiers and offers operational advice for everything from lightweight AI copilots to manufacturing systems using complex multi‑component platforms.
Sotiropoulos said the timing is deliberate, arguing the council is a response to a potential "perfect tsunami" of rapid capability growth, commoditization and multi‑agent dynamics. He pointed to locally hosted projects such as OpenClaw and NanoClaw as evidence that agentic AI is becoming broadly accessible, and cited models with advanced capabilities — Anthropic’s Mythos (available via the Glasswing project to a select few) and OpenAI’s GPT5.5 (available to many) — to illustrate the speed and breadth of capability diffusion.
The Agentic Research Council is positioned to formalize coordination among academia, industry, government and policy makers so research priorities, mitigations and standards can move closer to the machine speed at which agentic systems operate. The council’s first outputs and the June 4 announcement will show whether that promise translates into concrete, operational change for defenders and regulators.
https://www.infosecurity-magazine.com/news/owasp-new-agentic-research-council/



