Search papers, labs, and topics across Lattice.
This paper analyzes the novel security challenges introduced by AI agents, focusing on vulnerabilities arising from changes in code-data separation, authority boundaries, and execution predictability. It maps attack surfaces across tools, connectors, hosting, and multi-agent coordination, highlighting indirect prompt injection, confused-deputy behavior, and cascading failures. The paper then assesses existing defenses and identifies research gaps in adaptive security benchmarks, policy models, and secure multi-agent system design.
AI agents introduce a new class of security risks that current defenses are ill-equipped to handle, demanding urgent research into adaptive benchmarks and policy models.
This article, a lightly adapted version of Perplexity's response to NIST/CAISI Request for Information 2025-0035, details our observations and recommendations concerning the security of frontier AI agents. These insights are informed by Perplexity's experience operating general-purpose agentic systems used by millions of users and thousands of enterprises in both controlled and open-world environments. Agent architectures change core assumptions around code-data separation, authority boundaries, and execution predictability, creating new confidentiality, integrity, and availability failure modes. We map principal attack surfaces across tools, connectors, hosting boundaries, and multi-agent coordination, with particular emphasis on indirect prompt injection, confused-deputy behavior, and cascading failures in long-running workflows. We then assess current defenses as a layered stack: input-level and model-level mitigations, sandboxed execution, and deterministic policy enforcement for high-consequence actions. Finally, we identify standards and research gaps, including adaptive security benchmarks, policy models for delegation and privilege control, and guidance for secure multi-agent system design aligned with NIST risk management principles.
