Connecting the world and beyond

ITU Workshop on "Advancing Standardization for Secure Agentic AI"

​​​​
 7 September 2026 (Afternoon)

Chongqing, China



The International Telecommunication Union (ITU) is organizing a  workshop on  "Advancing Standardization for Secure Agentic AI”  on the afternoon of 7 September 2026  in Chongqing, China, at the kind invitation of the China Automotive Engineering Research Institute (CAERI). 

The workshop is organized alongside the 2nd Content Week meetings of ITU-T Study Group 17, Security, 7-11 September 2026 (see TSB Collective 9/17​).

The objectives of the workshop is to:
 The workshop will be preceeded  by a first workshop,  ITU Workshop on "Intelligent Transport System and Connected Autonomous Vehicle Security"​  taking place at  the same venue, on the  morning  of 7 September 2026.

Participation is free of charge and open to all interested stakeholders including ITU Member States, Sector Members, Associates and Academic Institutions and to any individual from a country that is a member of ITU and who wishes to contribute to the work.​ 

See detailed steps on how to register here​


Register here​


Remote Participation: Connect to the MyWorkspace​ platform using the same ITU user account with which you registered for the meeting. You can launch the remote session by clicking the "JOIN" button from 30 minutes prior to the start of the meeting.​

Draft Programme  coming soon 

14:0014:10
Opening remarks

MC: Naying Hu, Associate Rapporteur Question 16/17, CAICT


14:1014:50
Session 1: Security Risks and Attack Surface Analysis of Agentic AI

This session maps the distinctive attack surface of Agentic AI — unauthorized tool and action execution, cross-agent identity spoofing, behavioral deception and goal hijacking, supply-chain poisoning, and loss of autonomous control. Rather than treating these in the abstract, it draws concrete lessons from recent red-team challenges and from the security analysis of frontier agentic systems such as OpenClaw and Mythos, where autonomous planning and self-directed execution have exposed new, exploitable failure modes. The aim is to turn these findings into a shared, evidence-based threat picture for SG17's later work.

Format: Presentation (20 mins per speaker)

Moderator: Heung Youl Youm, Soonchunhyang University, Korea (Rep. of)

Speaker:​

14:50-15:35Session 2: Endogeneous Security Mechanisms for Agentic AI

This session examines security mechanisms built into the agent itself — secure-by-design architecture, policy-driven decision constraints, runtime self-inspection, chain-of-thought and behavioral monitoring, and secure update. It explores the standardization needs arising from these new situations, focusing on the gap between what Agentic AI now demands and what SG17's existing standards already cover.

Format: Presentation (15 mins per speaker)

Moderator: Zhiyuan Hu, vivo Mobile Communication Ltd., WP4/17 Chair

Speaker: ​

15:35-15:50Coffee Break
15:50-16:35
Session 3: Security Evaluation and Verification Methods for Agentic AI

This session explores how to evaluate and verify the security of Agentic AI systems — security testing, formal verification, runtime audit and security metrics — within standardized assessment frameworks. It takes an integration-centric view: as agents are integrated into real ICT systems, evaluation must establish a verifiable baseline at the point of integration, and define what security evidence and assurances integrators should require from the suppliers of agents, tools and models.

Format: Presentation (15 mins per speaker)

Moderator: Naying Hu, Associate Rapporteur Question 16/17, CAICT

Speaker: TBD​

16:35-17:20
Session 4: What Frontier Developers Can Give Us — Securing Agentic AI in Practice

This session asks whether it is affordable in practice, and brings in the frontier model developers best placed to answer. The focus is on the trade-offs that only appear once a real model ships. How much capability does security cost? Where does assurance break down at frontier scale? Which of the requirements cannot yet be met? Developers from leading frontier model enterprises will give a frank verdict on what is easy and what is hard. They will also share what they can offer the wider ecosystem, including the practices and evidence ready to be reused, and the open problems where industry still needs support.

Format: Roundtable Discussion

Moderator: Debora Comparin, Thales Group | WP1/17 Chair [TBC]

17:20-17:40
Future outlook and closing remarks
  • Arnaud Taddei, Chair, ITU-T Study Group 17, Broadcom

​​​



RELATED INFORMATION

DOCUMENTATION AND REGISTRATION

ORGANIZED BY

.​​​