In the rapidly shifting landscape of global cybersecurity, few voices carry as much weight as Malik Haidar. With a career forged in the trenches of multinational corporations, Haidar has built a reputation for blending deep technical intelligence with a pragmatic business perspective. As the digital world prepares for the pivotal announcements at Infosecurity Europe, the focus has shifted toward a new frontier: agentic AI. This evolution represents a departure from static bots to autonomous agents capable of reasoning and acting at machine speed. To address this, the Open Worldwide Application Security Project is stepping up with a specialized research council designed to bridge the gap between academic theory and the brutal reality of modern cyber threats. Our conversation explores the necessity of this coordination, the collapse of traditional response times, and the emergence of “multi-agent” risks that threaten to overwhelm human defenders.
The rapid evolution of autonomous AI seems to be outstripping our existing security frameworks. How is the new research council designed to synchronize these two very different speeds of development?
The reality we face is that traditional security standards move at a glacial pace compared to the “machine speed” of autonomous agents. At Infosecurity Europe on June 4, the unveiling of the Agentic Research Council marks a formal effort to close this widening gap by creating a direct pipeline between academia and industry practitioners. We are moving away from the ad hoc collaboration of the past toward a coordinated structure where PhD research is directly aligned with the immediate needs of CISOs and developers. By sponsoring specific academic roadmaps and converting those findings into deployable mitigations, the council ensures that discoveries don’t just sit in a journal but actually reach the people on the front lines. It is about creating a global collaboration that includes everyone from government policymakers to model makers, ensuring we aren’t just reacting to a “perfect tsunami” of growth but actually steering the industry toward safety.
You’ve described this initiative as being “expert-backed but community-driven.” How does that specific balance influence the way security guidance is created for something as complex as agentic AI?
This balance is the secret sauce that made the previous Top 10 guidance for LLM security so successful, and we are doubling down on it now. By being community-driven, we capture the raw, real-world anxieties and technical hurdles that developers face when they are trying to implement projects like OpenClaw or NanoClaw. However, the expert-backed element provides the validation and rigor necessary to ensure that the guidance can survive the scrutiny of a multinational corporation’s security audit. We are essentially democratizing high-level security expertise so that even smaller teams can access the same level of protection as the biggest frontier model makers. The council will maintain a public pipeline of research topics and transparent charters, ensuring that the collective intelligence of the global community is filtered through a lens of operational reality.
With the rise of AI agents that act autonomously, you’ve suggested that our focus needs to shift from development-centered governance to runtime monitoring. Why is that shift so critical right now?
When an AI agent can exploit a vulnerability in a fraction of the time it takes a human to even receive an alert, the old way of doing things—focusing purely on secure development lifecycles—simply fails. We are seeing a total collapse of the “time-to-impact,” which means the moment an agent identifies a flaw, the exploitation is already underway at a speed no human can match. This is why we are advocating for agent-level monitoring and controls that operate within the runtime environment itself. We need to be watching what these agents are doing while they are doing it, rather than just hoping we built them correctly in the first place. It forces a fundamental rethink of incident response and red teaming, moving the unit of analysis from the static code to the dynamic, living behavior of the agent as it interacts with its environment.
The concept of “multi-agent security” has been gaining a lot of attention recently. What are the specific “composability risks” that emerge when these autonomous entities start interacting with each other?
The preprint paper published on arXiv on April 29 really highlights the terrifying beauty of this problem, because analyzing agents in isolation is no longer a viable strategy. When you have multiple agents interacting, they can discover new tools and assemble dynamic toolchains that were never envisioned by their original creators, leading to emergent behaviors that exist entirely outside of the design-time attack surface. It’s like a digital chemistry experiment where two stable elements combine to create something volatile; the agents might collaborate to bypass a security check that neither could overcome alone. This breaks almost all of our “human-in-the-loop” assumptions, where we expect a person to validate every single action. Instead, we have to prepare for a world of “human-on-the-loop,” where our role is oversight and policy monitoring rather than manual intervention in every step of a multi-agent swarm.
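The two answers above argue for agent-level policy monitoring in the runtime and for "human-on-the-loop" oversight of multi-agent toolchains. The following is an added illustration of what such a monitor can look like in code; it is not code from OWASP, the Agentic Research Council, or the interviewee, and every agent name, tool name, and policy rule in it is constructed for the example. The monitor sits between agents and their tools: per-agent allowlists are enforced at machine speed (deny), while cross-agent data flows that traverse a forbidden source-to-sink edge are escalated to a human review queue rather than silently allowed, which is the composability case where each agent's individual call is in policy but the assembled chain is not.

```python
"""Runtime policy monitor for agent tool calls (constructed example)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple


@dataclass(frozen=True)
class ToolCall:
    agent: str
    tool: str
    # Provenance labels carried by the call's inputs: which tools produced the
    # data this call is about to act on (propagated across agent hand-offs).
    taint: FrozenSet[str] = frozenset()


@dataclass
class Decision:
    action: str  # "allow", "deny" or "escalate"
    reason: str


class RuntimePolicyMonitor:
    """Interposes on every tool call at runtime, independent of which agent issues it."""

    def __init__(self, allowlist: Dict[str, Set[str]],
                 forbidden_flows: Set[Tuple[str, str]]) -> None:
        self.allowlist = allowlist            # agent -> tools it may call
        self.forbidden_flows = forbidden_flows  # (source tool, sink tool) edges
        self.audit_log: List[Tuple[str, str, str]] = []
        self.review_queue: List[ToolCall] = []  # human-on-the-loop inbox

    def check(self, call: ToolCall) -> Decision:
        if call.tool not in self.allowlist.get(call.agent, set()):
            decision = Decision("deny", f"{call.agent} is not permitted to call {call.tool}")
        else:
            # A flow is forbidden if any provenance label on the inputs forms a
            # (source, sink) edge with this tool, regardless of which agent
            # originally produced the data.
            bad_sources = sorted(src for src in call.taint
                                 if (src, call.tool) in self.forbidden_flows)
            if bad_sources:
                decision = Decision("escalate",
                                    f"data from {bad_sources} flowing into {call.tool}")
                self.review_queue.append(call)
            else:
                decision = Decision("allow", "within policy")
        self.audit_log.append((call.agent, call.tool, decision.action))
        return decision

    @staticmethod
    def output_taint(call: ToolCall) -> FrozenSet[str]:
        """Label a tool's output so downstream calls inherit its provenance."""
        return call.taint | {call.tool}


def run_demo() -> Tuple[List[str], RuntimePolicyMonitor]:
    """Constructed two-agent scenario; returns the per-call decisions and the monitor."""
    monitor = RuntimePolicyMonitor(
        allowlist={
            "researcher": {"read_customer_db", "summarize"},
            "notifier": {"http_post", "summarize"},
        },
        # Neither agent alone can move database contents to the network,
        # but a hand-off between them could; the monitor watches the flow itself.
        forbidden_flows={("read_customer_db", "http_post")},
    )
    actions: List[str] = []

    read = ToolCall("researcher", "read_customer_db")
    actions.append(monitor.check(read).action)                 # allow
    read_out = monitor.output_taint(read)

    actions.append(monitor.check(ToolCall("researcher", "http_post")).action)  # deny

    summary = ToolCall("researcher", "summarize", taint=read_out)
    actions.append(monitor.check(summary).action)              # allow
    summary_out = monitor.output_taint(summary)

    # Hand-off: the notifier acts on the researcher's output.
    actions.append(monitor.check(ToolCall("notifier", "http_post", taint=summary_out)).action)  # escalate

    actions.append(monitor.check(ToolCall("notifier", "http_post")).action)   # allow (untainted)
    return actions, monitor


if __name__ == "__main__":
    decisions, mon = run_demo()
    for entry in mon.audit_log:
        print(entry)
```

The design choice worth noting is that the deny path needs no human, whereas the escalate path deliberately does: blocking is cheap and fast, but an emergent chain may be legitimate, so the monitor records it, pauses that step, and hands the judgement to an operator who supervises the swarm rather than each action.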
You’ve used a powerful analogy comparing agentic AI to the way drones transformed kinetic warfare. How does that comparison help security leaders visualize the scale of the threat they are facing?
In the past, warfare—both kinetic and digital—often relied on super expensive, specialized equipment that was only accessible to major powers, but drones changed that by commoditizing the battlefield. Agentic AI is doing the exact same thing to cybersecurity by making sophisticated, machine-speed attacks accessible to almost anyone with a basic model like GPT-5.5. Imagine a swarm of drones acting so fast that they require a million individual responses simultaneously; that is an impossible task for a human defender, and it’s exactly what an agentic swarm looks like to a traditional SOC team. This democratization of attack capabilities means that we are no longer just fighting a few elite hackers, but a tide of automated assets that can overwhelm traditional defenses through sheer volume and speed. It forces us to adopt “agent-level” policy monitors because you cannot bring a human knife to a machine-speed gunfight.
The upcoming paper on the “State of Agentic AI and Governance” promises to be highly actionable for “people on the ground.” What can defenders expect from this maturity and risk-tiering scheme?
Scheduled for release on June 1, this paper is designed to be the bridge between high-level theory and the gritty work of daily defense. It provides a practical framework that maps our Top 10 controls to different risk tiers, whether you are dealing with a simple AI copilot or a complex multi-component platform used in heavy manufacturing. We wanted to give security leaders something they could implement today, rather than making them wait for formal standards bodies to catch up in a year or two. It covers everything from operationalizing runtime behavior monitoring to building compliance workflows that can actually handle the autonomy of these systems. The goal is to provide a synthesis of adoption patterns so that a CISO can look at their specific implementation and know exactly which controls to prioritize to prevent their agents from becoming a liability.
What is your forecast for agentic AI security over the next few years?
My forecast is that we are about to enter an era where the boundary between “system” and “user” disappears, replaced by an ecosystem of interacting agents that will define the new perimeter. By 2026, the commoditization of frontier models like Anthropic’s Mythos or OpenAI’s latest releases will mean that even the most basic business processes will be managed by autonomous swarms, making runtime governance the only relevant form of defense. We will see a massive shift where security teams stop managing firewalls and start managing “agent policies,” acting more like air traffic controllers for digital swarms than traditional gatekeepers. The organizations that thrive will be those that embrace “secure-by-design” principles but supplement them with robust, machine-speed observability. Ultimately, the survival of our digital infrastructure depends on our ability to build a collaborative, global defense that can evolve as fast as the agents we are trying to protect.