7 September 2026 (Afternoon)
Chongqing, China
The International Telecommunication Union (ITU) is organizing a workshop on
"Advancing Standardization for Secure Agentic AI” on the
afternoon of 7 September 2026 in Chongqing, China, at the kind invitation of the China Automotive Engineering Research Institute (CAERI).
The workshop is organized alongside the 2nd Content Week meetings of
ITU-T Study Group 17, Security, 7-11 September 2026 (see
TSB Collective 9/17).
The objectives of the workshop is to:
- Consolidate outcomes from the July 2026 AI for Good session on Agentic AI, and further identify key security, trust and governance challenges and standardization gaps
- Explore risk management mechanisms, security frameworks, and trustworthy evaluation methods for Agentic AI;
- Define priority areas, collaboration models and standardization roadmap for SG17’s future standardization work on AI security strategy (this time especially on Agentic AI);
Participation is free of charge and open to all interested stakeholders including ITU Member States, Sector Members, Associates and Academic Institutions and to any individual from a country that is a member of ITU and who wishes to contribute to the work.
See detailed steps on how to register hereRegister hereRemote Participation: Connect to the
MyWorkspace platform using the same
ITU user account with which you registered for the meeting. You can launch the remote session by clicking the
"JOIN" button from 30 minutes prior to the start of the meeting.
Draft Programme coming soon
14:00–14:10
| Opening remarks MC: Naying Hu, Associate Rapporteur Question 16/17, CAICT
- Arnaud Taddei, Chair ITU-T Study Group 17, Broadcom
- Liang Wei, Vice Chair, ITU-T Study Group 17, CAICT
|
14:10–14:50
| Session 1: Security Risks and Attack Surface Analysis of Agentic AI This session maps the distinctive attack surface of Agentic AI — unauthorized tool and action execution, cross-agent identity spoofing, behavioral deception and goal hijacking, supply-chain poisoning, and loss of autonomous control. Rather than treating these in the abstract, it draws concrete lessons from recent red-team challenges and from the security analysis of frontier agentic systems such as OpenClaw and Mythos, where autonomous planning and self-directed execution have exposed new, exploitable failure modes. The aim is to turn these findings into a shared, evidence-based threat picture for SG17's later work. Format: Presentation (20 mins per speaker) Moderator: Heung Youl Youm, Soonchunhyang University, Korea (Rep. of) Speaker: - Dawn Song, UC Berkeley, Professor in Computer Science [TBC]
- Xudong Pan, Fudan University, Associate Research Fellow at School of Computer Science [TBC]
|
| 14:50-15:35 | Session 2: Endogeneous Security Mechanisms for Agentic AI This session examines security mechanisms built into the agent itself — secure-by-design architecture, policy-driven decision constraints, runtime self-inspection, chain-of-thought and behavioral monitoring, and secure update. It explores the standardization needs arising from these new situations, focusing on the gap between what Agentic AI now demands and what SG17's existing standards already cover. Format: Presentation (15 mins per speaker) Moderator: Zhiyuan Hu, vivo Mobile Communication Ltd., WP4/17 Chair Speaker: - Yaodong Yang, Peking University [TBC]
- Saad Siddiqui, SAIF [TBC]
- Tian Tian, ZTE
|
| 15:35-15:50 | Coffee Break
|
15:50-16:35
| Session 3: Security Evaluation and Verification Methods for Agentic AI This session explores how to evaluate and verify the security of Agentic AI systems — security testing, formal verification, runtime audit and security metrics — within standardized assessment frameworks. It takes an integration-centric view: as agents are integrated into real ICT systems, evaluation must establish a verifiable baseline at the point of integration, and define what security evidence and assurances integrators should require from the suppliers of agents, tools and models. Format: Presentation (15 mins per speaker) Moderator: Naying Hu, Associate Rapporteur Question 16/17, CAICT Speaker: TBD
- Bo LIU, CAICT
- Automated Testing Methodologies for Agentic AI via Adversarial Generation Techniques, Tang Ning, CAERI Co., Ltd
|
16:35-17:20
| Session 4: What Frontier Developers Can Give Us — Securing Agentic AI in Practice This session asks whether it is affordable in practice, and brings in the frontier model developers best placed to answer. The focus is on the trade-offs that only appear once a real model ships. How much capability does security cost? Where does assurance break down at frontier scale? Which of the requirements cannot yet be met? Developers from leading frontier model enterprises will give a frank verdict on what is easy and what is hard. They will also share what they can offer the wider ecosystem, including the practices and evidence ready to be reused, and the open problems where industry still needs support. Format: Roundtable Discussion Moderator: Debora Comparin, Thales Group | WP1/17 Chair [TBC]
|
17:20-17:40
| Future outlook and closing remarks- Arnaud Taddei, Chair, ITU-T Study Group 17, Broadcom
|