Augmented reality (AR) technologies, which overlay digital content atop the user’s perception of the real world, are on the brink of pervasive commercial deployment. AR brings new modes of interaction, eliciting unique user expectations and behaviors, but its user-facing security and privacy challenges remain underexplored. In particular, my work identifies multi-user AR – which includes such compelling use cases as in-person collaborative tools, multiplayer gaming, and telepresence – as containing many unsolved problems in handling users’ malicious or careless behavior. In this talk, I discuss my work on security and privacy for multi-user AR interactions, spanning methodologies from studying users to threat modeling to system building. I argue that AR’s physical-world integration drives novel user expectations, that navigating this physicality poses crucial challenges for supporting secure and private AR content sharing, and that these challenges pose fundamental design questions that must be addressed while the technology is still nascent. I show that the security and privacy properties of an AR interaction are tied to interaction semantics, motivating a flexible AR content sharing module that can support many application needs. I systematize security and functionality design goals for such a module, and I design and prototype ShareAR, an application-level module for the Microsoft HoloLens that meets these goals. I demonstrate that ShareAR can meet the security and functionality needs of a range of applications in relatively few lines of code and with low performance overhead. The ShareAR code is publicly available and has been qualitatively tested by two undergraduate developers. In addition to directly supporting secure multi-user AR interactions, this work provides a scaffold for defining security and privacy for multi-user AR interactions, opening directions for future work in this space. By building foundations for secure multi-user AR content sharing, my work takes steps toward allowing AR to securely reach its full potential.