Overview
Modern cyber operations undergo rapid changes due to the integration of autonomous, language-model-driven agents. In offensive operations, agentic systems automate penetration testing, red-team activities, and end-to-end network intrusion campaigns. Frontier models demonstrate high performance on public benchmarks. Conversely, cyber defense increasingly relies on autonomous agents for real-time threat detection, automated mitigation, and active countermeasure deployment. This co-evolution creates a complex adversarial environment where autonomous offensive models directly interact with adaptive defensive systems.
Despite these rapid capabilities, agentic architectures exhibit critical operational vulnerabilities. Offensive models are frequently trained on narrow, repetitive public corpora, which induce predictable statistical behaviors. Consequently, these agents remain vulnerable to targeted defensive deceptions, prompt exfiltration, and operational security failures. Similarly, automated defensive systems face challenges regarding evasion, input manipulation, and model poisoning. Traditional static evaluation environments fail to replicate these dynamic, model-on-model interactions. Therefore, a systematic analysis of both offensive limitations and defensive capabilities is essential to ensure the robustness of cyber operations.
The Workshop on Agentic AI in Offensive and Defensive Cyber Operations (AIDC) provides a specialized forum to address these emergent challenges. The goal of AIDC is to bring together researchers, practitioners, and policymakers from academia, industry, and government to advance the theory, methodology, and practice of agentic security. By establishing a shared space for adversarial AI specialists and cybersecurity operational experts, the workshop intends to transition the community from isolated model evaluations toward holistic, dynamic, and resilient systems design.
Call for Papers
AIDC solicits original contributions on a broad range of topics, which include but are not limited to:
Topics of Interest
-
Autonomous Offensive Operations
- Automated vulnerability discovery and exploitation
- Agentic penetration testing and autonomous red-teaming frameworks
- Optimization of multi-agent attack orchestration
-
Autonomous Defensive Countermeasures
- Autonomous detection, attribution, and digital forensics of AI-driven intrusions
- Deployment of automated patches and dynamic firewall configurations
- Active deception strategies and honeypots designed against AI agents
-
Model-on-Model Adversarial Interaction
- Evaluation of defensive prompt injections and indirect prompt injections
- Execution of counterattacks that exploit language model resource limitations and tokenization artifacts
- Data poisoning defenses directed at offensive pipelines
-
Evaluation Environments and Benchmarks
- Development of adaptive and dynamic cyber ranges
- Frameworks to analyze simulation-to-real transfer limits for autonomous agents
- Verification of benchmark integrity and resilience against memorization
-
Theory, Specification, and Governance
- Formal verification methods and rigorous specifications for agentic security
- Game-theoretic modeling of autonomous attacker-defender interactions
- Policy frameworks, coordinated disclosure models, and community norms for autonomous cyber operations
Important Dates
- Paper submission due: September 25, 2026 (Anywhere-on-Earth, AoE)
- Notification of paper acceptance: October 16, 2026
- Final paper due: October 30, 2026
Lightning Talk/Tutorial
- Lightning Talk/Tutorial submission due: October 8, 2026 (Anywhere-on-Earth, AoE)
- Notification of Lightning Talk/Tutorial acceptance: October 16, 2026
- Final Lightning Talk/Tutorial Abstract due: October 30, 2026
Paper Submission Categories
Regular technical papers: Up to 12 pages excluding references and appendices.
Short position papers or work-in-progress (WIP) papers: Up to 6 pages, excluding references and appendices. Short papers are suitable for position papers or original works whose descriptions fit within 6 pages. WIP papers are suitable for original yet incomplete work that is looking for middle-stage feedback from the community.
AIDC uses the official ACSAC HotCRP submission system.
- All submitted papers must be prepared in US Letter size, not A4, using the double-column IEEE conference format. This requirement will be strictly enforced. IEEE format templates are available at IEEE Conference Templates.
- LaTeX submissions must use the IEEEtran.cls version 1.8b template with the \documentclass[conference,compsoc]{IEEEtran} document class option.
- Submissions must be properly anonymized for double-blind review.
- Awards: Accepted papers will be considered for the Best Paper Award.
Industry Submissions
We welcome submissions from industry practitioners and professionals with non-academic backgrounds. If you develop practical offensive or defensive systems and wish to publish your applied research in an academic venue, we encourage you to submit your work to AIDC 2026.
Submission Guidelines for Tutorials
We invite submissions of tutorial proposals that emphasize the live demonstration of agentic systems in offensive and defensive cyber operations. We seek demonstration-driven sessions. In these sessions, presenters must show how their autonomous offensive or defensive systems operate in practice. Tutorials should align with the core themes of the AIDC workshop.
Each tutorial submission will undergo a review process to evaluate relevance, originality, and feasibility. Accepted tutorials will receive a 30-minute to 45-minute time slot during the workshop. Presenters must devote a significant portion of this time to live demonstrations, audience questions, and interactive exploration.
- Autonomous vulnerability discovery and penetration testing frameworks
- Automated defensive countermeasures, active deception strategies, and honeypots
- Adversarial interactions, such as prompt injections and data poisoning defenses
- Adaptive evaluation environments and dynamic cyber ranges
Submission Guidelines for Lightning Talks
We will host a Lightning Talks session at the AIDC workshop. We request concise, 5-minute in-person presentations on topics of immediate interest to the agentic security community.
Please note that lightning talks are not intended for self-promotion or commercial advertisement. Presenters must share concepts, methodologies, or findings that apply broadly and initiate meaningful discussions. Presenters must focus on the research or system. They must avoid promoting products, services, or organizations. We require presenters to avoid sales pitches, advertisements, and excessive emphasis on personal or corporate achievements. We will strictly enforce the time limit for all presentations.
Lightning Talk submission form
Please submit your Lightning Talk title and abstract, maximum of 200 words, for full consideration via the Lightning Talk submission form. We will publish the accepted abstracts on the workshop website.
- Emerging research areas
- Work-in-progress ideas and preliminary results
- Practical problems and lessons learned
- Methodology details
- Evaluation environments and simulations
- Data and visualizations, such as adversarial AI and cyber operations datasets
- Interdisciplinary subjects related to autonomous cyber operations
Publications and Registration
All accepted papers will be published by IEEE. Abstracts for lightning talks and tutorials will be available on the AIDC webpage but will not be published by IEEE.
At least one author of each accepted submission (paper, lightning talk, or tutorial) must register for the workshop and present their work. Simultaneous submission of the same work to multiple venues or the submission of previously published work is strictly prohibited.
Please register for the workshop through the ACSAC registration page. You must select the appropriate box on the conference registration form to include the AIDC Workshop fee.
If you require a visa, please plan ahead to ensure sufficient processing time. To begin the visa application process, please review the instructions provided at the conference website.
AI Usage Policy
Authors must follow the ACSAC AI Usage Policy for all workshop submissions.
Invited Speakers
Invited speakers will be announced closer to the workshop date.
Snehal Antani
Baris Coskun
Christopher Kruegel
Wenke Lee
Giovanni Vigna
Kerri Prinos
Z. Berkay Celik
Dongyan Xu
Muslum Ozgur Ozmen
Ananth Shreekumar