Someone with a finished cybersecurity paper, or a half-formed idea about agentic AI risk, eventually needs a venue that practitioners actually read and cite. That is the question ACSAC answers. The Annual Computer Security Applications Conference has run every year since 1985, which puts the 2026 meeting at its 42nd edition, scheduled for December 7 to 11 in Los Angeles. Longevity alone does not make a venue useful, but four decades of continuous proceedings means the back catalogue covers ground that researchers still reach for: applied cryptography, network security, intrusion detection, access control, malware analysis, and the territory between them.
Multiple submission paths for different work types
What the site does well is lay out the submission paths without forcing you to guess where your work fits. Peer-reviewed technical papers are the spine, but there is also room for case studies, panels, posters, workshops, and an artifacts competition for people who want their tools and datasets evaluated alongside the writing. The conference deliberately mixes academia, industry, and government, and those audiences do not all produce the same kind of output, so a single submission category would squeeze out half the people with something worth saying. A practitioner with a field report and a graduate student with a formal proof can both find a slot, and the call-for-submissions guidelines spell out what each path expects.
The 2026 hard-topic theme is "Security and Privacy of Agentic Systems," which tracks the way attention has swung toward AI agents that act on their own initiative. I find it a sensible bet rather than a fashionable one, since agentic software is exactly where applied security questions are outrunning the published literature. The organizers pair this with something many older conferences still avoid putting in writing: an explicit policy on AI and large language model use in submissions. Having that stated up front, instead of left to a reviewer's mood, is evidence the program committee has actually thought about where the field is heading and how authors might lean on these tools.
Student support and program transparency
For students, two things stand out. ACSAC runs a Student Conferships program that helps cover the cost of attending, and it hosts the IEEE Computer Society Global Student Challenge. Neither is unusual on its own, but together they point to a conference that wants new entrants in the room alongside the established names who already publish there every cycle. The organizing and program committee rosters are published openly, so anyone weighing whether to submit can see who is reviewing and whether their subfield is represented on the panel. That transparency does real work for a first-time author trying to gauge whether the effort of a submission is worth it.
IEEE affiliation and credibility framework
It is worth being clear about what kind of body ACSAC is. The IEEE affiliation is not decoration. It places the conference inside the same institutional framework that governs much of the field's formal literature, which is why the proceedings flow naturally into IEEE's own indexes. For an academic chasing citations or a practitioner trying to point a manager at a vetted reference, that lineage answers the credibility question before it is even asked.
Social presence across multiple platforms
Logistics are handled with the same plainness. Venue and registration details are posted, sponsorship information is available for organizations that want a presence, and the social footprint is broad: Bluesky, Mastodon, Facebook, the platform formerly branded Twitter, and YouTube. The inclusion of Bluesky and Mastodon is a small tell that the people running the channels follow where the security community has actually migrated, well past where it used to gather.
How the archive serves future research
The part that gives the listing weight beyond a single week in December is the proceedings. Past papers reach back across the conference's full history and are accessible through IEEE and the ACSAC digital library. So even for someone with no intention of attending, the site functions as a doorway into a deep, searchable record of applied security research. That is arguably its most durable value, because conferences come and go in relevance, but a well-indexed archive of peer-reviewed work keeps paying off long after the sessions end. Anyone tracing how a defense technique evolved, or hunting for prior art before starting a new project, will find the ACSAC archive a faster route than scattered web searches.
Scope and practical focus
If there is a limit worth naming, it is simply that ACSAC is a specialist venue and reads like one. The applications-and-systems framing means the program leans toward work with a practical bent, so a purely theoretical cryptographer or someone chasing the very largest flagship audiences may find the fit imperfect. That is a scope observation, not a flaw. The conference knows what it is and states it clearly.
Who should submit or attend?
The verdict is straightforward for the people it targets and qualified for everyone else. For a security researcher or practitioner working anywhere near applied defense, agentic-system risk, malware, or access control, ACSAC is a credible, long-running place to publish or attend, and the site gives you everything needed to make that call. For a casual visitor outside the field, it will read as dense and inside-baseball, which is the honest cost of a venue built for specialists. Nothing here is dressed up to look more accessible than it is, and that bluntness is itself a mark of a serious program. ACSAC knows what it is, states it plainly, and delivers on the claim.