Gideon Lichfield (former editor-in-chief at WIRED and MIT Technology Review) has just highlighted the emerging field of multi-agent security in a Bloomberg opinion piece – now also featured on Bruce Schneier’s blog. Great to see how this field is taking off. For those interested in the underlying research agenda, here is the arXiv v0 on multi-agent security.

The field of multi-agent security was first defined by OWL PI Christian Schroeder de Witt.

OWL has successfully [co-hosted a multi-agent security workshop at DAI'25][https://wittlab.ai/event/masec_dai25]. The workshop took place in King’s College, London and surfaced new threat models and practitioner insights.

Decentralised AI is shifting from isolated agents to networks of interacting agents operating across shared platforms and protocols. This creates security challenges beyond traditional cybersecurity and single-agent safety, where free-form communication and tool use are essential for task generalisation yet open new system-level failure modes. These security vulnerabilities complicate attribution and oversight, and network effects can turn local issues into persistent, systemic risks (e.g., privacy leaks, jailbreak propagation, distributed attacks, or secret collusion). The workshop will address open challenges in multi-agent security as a discipline dedicated to securing interactions among agents, human–AI teams, and institutions—emphasising security–performance–coordination trade-offs, secure interaction protocols and environments, and monitoring/containment that remain effective under emergent behaviour. The main focus will lie on threat model discovery through community interaction.

The Oxford Witt Lab (OWL) PI Dr. Christian Schroeder de Witt has won a Schmidt AI2050 Early Career Fellowship as one of 21 awardees selected globally this year. See announcements by Forbes, the University of Oxford, and on the Schmidt Sciences website.

Schroeder de Witt receives the 3-year fellowship valued at $500,000 for defining the field of multi-agent security and, in particular, his research agenda on undetectable threats. In the coming years, powerful AI systems will work together, creating new security risks that may be practically infeasible—or even, in some regimes, theoretically impossible—to detect, undermining security approaches based on anomaly detection alone. Schroeder de Witt’s project explores how AI agents might exploit concealed capabilities, secretly share hidden messages, or carry out invisible attacks—and how to prevent them through secure-by-design architectures. The program blends theory and experiments to establish formal detectability limits and develop practical mitigations, including hardened interaction protocols, evaluation and red-team playbooks, and design patterns for resilient multi-agent systems. By acting now, the project aims to keep deployment practice ahead of emerging multi-agent threats.

The Oxford Witt Lab, in collaboration with Torr Vision Group and the BBC, has been awarded a Best Paper Award at the CFAgentic Workshop at the International Conference on Machine Learning for its work MAD-Sherlock. Huge congratulations to joint first authors, former master’s student Kumud Lakara and AIMS CDT student Georgia Channing!