diff --git a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/user/AppSecEventTrackerSpecification.groovy b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/user/AppSecEventTrackerSpecification.groovy
index 890c8cf7bb1..2f4144901de 100644
--- a/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/user/AppSecEventTrackerSpecification.groovy
+++ b/dd-java-agent/appsec/src/test/groovy/com/datadog/appsec/user/AppSecEventTrackerSpecification.groovy
@@ -268,6 +268,15 @@ class AppSecEventTrackerSpecification extends DDSpecification {
     thrown(BlockingException)
   }
 
+  void 'should not fail on null callback'() {
+    when:
+    tracker.onUserEvent(UserIdCollectionMode.IDENTIFICATION, 'test-user')
+
+    then:
+    noExceptionThrown()
+    provider.getCallback(EVENTS.user()) >> null
+  }
+
   private static class ActionFlow<T> implements Flow<T> {
 
     private Action action
diff --git a/dd-java-agent/instrumentation/spring-security-5/src/main/java/datadog/trace/instrumentation/springsecurity5/AppSecDeferredContext.java b/dd-java-agent/instrumentation/spring-security-5/src/main/java/datadog/trace/instrumentation/springsecurity5/AppSecDeferredContext.java
index bfdea675ef9..4b4a952974e 100644
--- a/dd-java-agent/instrumentation/spring-security-5/src/main/java/datadog/trace/instrumentation/springsecurity5/AppSecDeferredContext.java
+++ b/dd-java-agent/instrumentation/spring-security-5/src/main/java/datadog/trace/instrumentation/springsecurity5/AppSecDeferredContext.java
@@ -1,10 +1,14 @@
 package datadog.trace.instrumentation.springsecurity5;
 
 import java.util.function.Supplier;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.security.core.context.SecurityContext;
 
 public class AppSecDeferredContext implements Supplier<SecurityContext> {
 
+  private static final Logger LOGGER = LoggerFactory.getLogger(AppSecDeferredContext.class);
+
   private final Supplier<SecurityContext> delegate;
 
   public AppSecDeferredContext(final Supplier<SecurityContext> delegate) {
@@ -15,7 +19,11 @@ public AppSecDeferredContext(final Supplier<SecurityContext> delegate) {
   public SecurityContext get() {
     SecurityContext context = delegate.get();
     if (context != null) {
-      SpringSecurityUserEventDecorator.DECORATE.onUser(context.getAuthentication());
+      try {
+        SpringSecurityUserEventDecorator.DECORATE.onUser(context.getAuthentication());
+      } catch (Throwable e) {
+        LOGGER.debug("Error handling user event", e);
+      }
     }
     return context;
   }
diff --git a/internal-api/src/main/java/datadog/trace/api/appsec/AppSecEventTracker.java b/internal-api/src/main/java/datadog/trace/api/appsec/AppSecEventTracker.java
index 352f2304be3..a274bd1983c 100644
--- a/internal-api/src/main/java/datadog/trace/api/appsec/AppSecEventTracker.java
+++ b/internal-api/src/main/java/datadog/trace/api/appsec/AppSecEventTracker.java
@@ -142,6 +142,9 @@ private <T> void dispatch(
       return;
     }
     final T callback = cbp.getCallback(event);
+    if (callback == null) {
+      return;
+    }
     final Flow<Void> flow = consumer.apply(ctx, callback);
     if (flow == null) {
       return;