TOP
Search the Dagstuhl Website
Looking for information on the websites of the individual seminars? - Then please:
Not found what you are looking for? - Some of our services have separate websites, each with its own search option. Please check the following list:
Schloss Dagstuhl - LZI - Logo
Schloss Dagstuhl Services
Seminars
Within this website:
External resources:
  • DOOR (for registering your stay at Dagstuhl)
  • DOSA (for proposing future Dagstuhl Seminars or Dagstuhl Perspectives Workshops)
Publishing
Within this website:
External resources:
dblp
Within this website:
External resources:
  • the dblp Computer Science Bibliography


Please select your role
to obtain appropriate quick-links.
As a LIPIcs/OASIcs author, you will be invited by e-mail to register at the Dagstuhl Submission Server. The server will guide you through the publication workflow. Preliminary information can be found here:
Quick Links

Dagstuhl Perspectives Workshop 26162

Autonomous AI Agents in Computer Security

( Apr 12 – Apr 17, 2026 )
(Click in the middle of the image to enlarge)
Permalink
Please use the following short url to reference this page: https://www.dagstuhl.de/26162
Organizers
  • Alvaro Cárdenas Mora (University of California - Santa Cruz, US)
  • Kathrin Grosse (IBM Research Europe - Zürich, CH)
  • Nicole Nichols (Palo Alto Networks - Santa Clara, US)
  • Konrad Rieck (TU Berlin, DE)
Contact
Dagstuhl Reports

As part of the mandatory documentation, participants are asked to submit their talk abstracts, working group results, etc. for publication in our series Dagstuhl Reports via the Dagstuhl Reports Submission System.

  • Upload (Use personal credentials as created in DOOR to log in)
Shared Documents
Schedule
Motivation
Show Motivation

AI is transforming computer security in ways that have significant potential to disrupt the effectiveness of current defensive standards. The vulnerabilities of the AI systems themselves, along with their potential use as offensive tools, introduce a new dimension to the threat modeling of computer systems. As AI models increasingly power autonomous agents, this attack surface continues to expand, giving rise to novel threats that impact both society and industry. At the same time, AI models and autonomous agents could also serve as transformative tools for developing advanced defensive techniques. The rapid pace of AI development creates significant uncertainty about what will be required to defend against AI-based attacks and how to devise autonomous cyber defenses. By reducing reliance on manual intervention and integrating with existing defense mechanisms, AI defensive systems may offer new ways to counter attacks and mitigate threats.

This Dagstuhl Perspectives Workshop aims to develop a systematic understanding of how AI agents can be used in both offensive and defensive security. Our goal is to bring together expertise from diverse domains to establish a comprehensive threat and defense landscape for AI agents, in order to collaboratively synthesize a comprehensive manifesto of how autonomous AI cyber agents can potentially disrupt current defensive standards. More specifically, we aim to discuss questions such as:

  • What is the current state of abilities and adoption in the wild, for AI cyber agents?
  • What stages and contexts of computer security tasks are easiest for AI agents and why?
  • How will the indicators of adversarial behaviors change if an AI agent is orchestrating the attack, instead of a human?
  • How can the security of an AI agent be quantified?
  • What factors most influence capabilities of AI agents and can they be manipulated?
  • What vulnerabilities are unique to AI Agents?
  • How will asymmetries in computer security be disrupted by AI Agents?

Given the dynamic nature of AI research, the workshop will provide an open platform for discussing related and emerging themes, fostering a broader conversation on the role of AI agents in security.

Copyright Alvaro Cárdenas Mora, Kathrin Grosse, Nicole Nichols, and Konrad Rieck
Participants
Show Participants

Please log in to DOOR to see more details.

  • Sahar Abdelnabi (Microsoft Research - Cambridge, GB) [dblp]
  • Alvaro Cárdenas Mora (University of California - Santa Cruz, US) [dblp]
  • Lorenzo Cavallaro (University College London, GB) [dblp]
  • Gabriela Ciocarlie (Stevens Institute of Technology - Hoboken, US) [dblp]
  • Mario Fritz (CISPA - Saarbrücken, DE) [dblp]
  • Giorgio Giacinto (University of Cagliari, IT) [dblp]
  • Kathrin Grosse (IBM Research Europe - Zürich, CH) [dblp]
  • Chris Hicks (The Alan Turing Institute - London, GB) [dblp]
  • Thorsten Holz (MPI-SP - Bochum, DE) [dblp]
  • Somesh Jha (University of Wisconsin-Madison, US) [dblp]
  • Monica Landoni (USI – Lugano, CH) [dblp]
  • Pavel Laskov (Universität Liechtenstein, LI) [dblp]
  • Wenke Lee (Georgia Institute of Technology - Atlanta, US) [dblp]
  • Jaron Mink (Arizona State University - Tempe, US) [dblp]
  • Nicole Nichols (Palo Alto Networks - Santa Clara, US) [dblp]
  • Daryna Oliynyk (Universität Wien, AT) [dblp]
  • Rebekah Overdorf (Ruhr-Universität Bochum, DE) [dblp]
  • Andrew Paverd (Microsoft Research - Cambridge, GB) [dblp]
  • Fabio Pierazzi (University College London, GB) [dblp]
  • Konrad Rieck (TU Berlin, DE) [dblp]
  • Ahmad-Reza Sadeghi (TU Darmstadt, DE) [dblp]
  • Lea Schönherr (CISPA - Saarbrücken, DE) [dblp]
  • Christian Schroeder de Witt (University of Oxford, GB) [dblp]
  • Edgar Weippl (Universität Wien, AT) [dblp]
  • Christian Wressnegger (KIT - Karlsruher Institut für Technologie, DE) [dblp]
Classification
  • Artificial Intelligence
  • Cryptography and Security
Keywords
  • AI Agents
  • AI Security
Seminar 26162
© 2026 Schloss Dagstuhl – Leibniz-Zentrum für Informatik GmbH
ImprintContactAccessibilityPrivacy