This survey paper analyzes the emerging security challenges in agentic AI systems, focusing on the transition from single agents to interconnected agent networks on the web. It presents a component-aligned threat taxonomy encompassing prompt abuse, environment injection, memory attacks, toolchain abuse, model tampering, and agent network attacks, and reviews existing defense strategies. The paper highlights the amplified risks in the Agentic Web due to delegation chains and cross-domain interactions, and outlines open challenges for web-scale deployment, advocating for research into interoperable identity, provenance, and scalable evaluation.
LLM agents acting in the real world introduce a whole new threat landscape beyond unsafe text, demanding a shift in focus towards system-level security for agent ecosystems.
Large Language Models (LLMs) are increasingly deployed as agentic systems that plan, memorize, and act in open-world environments. This shift brings new security problems: failures are no longer only unsafe text generation, but can become real harm through tool use, persistent memory, and interaction with untrusted web content. In this survey, we provide a transition-oriented view from Secure Agentic AI to a Secure Agentic Web. We first summarize a component-aligned threat taxonomy covering prompt abuse, environment injection, memory attacks, toolchain abuse, model tampering, and agent network attacks. We then review defense strategies, including prompt hardening, safety-aware decoding, privilege control for tools and APIs, runtime monitoring, continuous red-teaming, and protocol-level security mechanisms. We further discuss how these threats and mitigations escalate in the Agentic Web, where delegation chains, cross-domain interactions, and protocol-mediated ecosystems amplify risks via propagation and composition. Finally, we highlight open challenges for web-scale deployment, such as interoperable identity and authorization, provenance and traceability, ecosystem-level response, and scalable evaluation under adaptive adversaries. Our goal is to connect recent empirical findings with system-level requirements, and to outline practical research directions toward trustworthy agent ecosystems.
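As an added illustration (not code from the paper) of two mitigations named above, privilege control for tools and provenance tracking along delegation chains, the following Python sketch models a delegation token that can only be attenuated at each hop and a runtime gate that refuses side-effecting tool calls driven by untrusted web content. The class and function names, and the agent scenario in `demo()`, are hypothetical constructions for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Content:
    """An input with its provenance; anything not typed by the user is treated as tainted."""
    text: str
    source: str          # "user" or "web"

    @property
    def tainted(self) -> bool:
        return self.source != "user"

@dataclass(frozen=True)
class DelegationToken:
    """Capabilities held by one agent plus the chain of principals that delegated them."""
    principal: str
    caps: dict           # tool name -> frozenset of scopes, e.g. {"fs": frozenset({"read"})}
    chain: tuple = ()

    def delegate(self, to: str, requested: dict) -> "DelegationToken":
        """Issue a sub-token: a hop may only narrow the parent's scopes, never widen them."""
        narrowed = {}
        for tool, scopes in requested.items():
            kept = self.caps.get(tool, frozenset()) & frozenset(scopes)
            if kept:
                narrowed[tool] = kept
        return DelegationToken(to, narrowed, self.chain + (self.principal,))

def gate_tool_call(token: DelegationToken, tool: str, scope: str, args: list) -> tuple:
    """Runtime check before a tool call: deny on a missing scope, and deny any
    non-read scope whose arguments derive from tainted (web-sourced) content."""
    if scope not in token.caps.get(tool, frozenset()):
        path = ">".join(token.chain) or "root"
        return False, f"{token.principal} lacks {tool}:{scope} (chain {path})"
    if scope != "read" and any(a.tainted for a in args):
        return False, f"{tool}:{scope} blocked: argument derived from untrusted web content"
    return True, "allowed"

def demo() -> dict:
    """Constructed scenario: an orchestrator delegates to a browsing agent, which delegates on."""
    root = DelegationToken("orchestrator", {"http": frozenset({"read"}), "fs": frozenset({"read", "write"})})
    browser = root.delegate("browser-agent", {"http": {"read", "write"}, "fs": {"write"}, "mail": {"send"}})
    summarizer = browser.delegate("summarizer", {"fs": {"read"}})   # parent holds only fs:write
    page = Content("constructed untrusted page text", "web")
    note = Content("meeting notes typed by the user", "user")
    return {
        "browser_caps": browser.caps,
        "summarizer_caps": summarizer.caps,
        "write_from_web": gate_tool_call(browser, "fs", "write", [page]),
        "write_from_user": gate_tool_call(browser, "fs", "write", [note]),
        "summarizer_read": gate_tool_call(summarizer, "fs", "read", [note]),
    }
```

Running `demo()` shows the requested `http:write` and `mail:send` scopes silently dropped at the first hop, the second hop ending with no capabilities at all, and the write that would have been driven by web content refused while the same write from user input is allowed.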