The Second Workshop on Agents in the Wild: Safety, Security, and Beyond

The year 2025 was recognized as the year of the agent, with advances in AI agents that can perceive, reason, and act in complex real-world environments. For example, OpenAI's Operator can interact with a browser to take actions on the web to complete tasks such as booking a trip. Unlike LLMs, agentic systems introduce fundamentally different safety and security challenges, such as the risks of irreversible real-world consequences. The first workshop on Agents in the Wild at ICLR 2026 aimed to address these foundational concerns. However, the situation has only grown more urgent. For example, recent agents like OpenClaw now enable agent-only communities where AI agents interact with minimal human oversight, amplifying existing vulnerabilities while introducing novel challenges in new real-world settings such as multi-agent coordination. Building on the success of the first workshop, which received 235 submissions and anticipated 800 attendees, we propose a second iteration to tackle both the escalating foundational challenges and these emerging risks. Through invited talks, contributed papers, and structured discussions, the workshop seeks to formalize open research problems and establish a comprehensive and interdisciplinary research agenda for building safe, secure, and reliable agentic systems deployed in the wild.