This work presents the first holistic survey of the agentic security landscape, structuring the field around three interdependent pillars: Applications, Threats, and Defenses. It provides a comprehensive taxonomy of over 150 papers, explaining how LLM-agents are used, their vulnerabilities, and the countermeasures designed to protect them. A detailed cross-cutting analysis reveals emerging trends and critical research gaps in model and modality coverage.
Article Points:
1. LLM-agents introduce a new class of inherent security risks in cybersecurity.
2. The survey provides a holistic view of agentic security across applications, threats, and defenses.
3. A comprehensive taxonomy of over 150 papers details agent use, vulnerabilities, and countermeasures.
4. Identified trends include planner-executor architectures and GPT model dominance.
5. Critical research gaps exist in model and modality coverage, with RAG poisoning under-defended.
6. Future work should focus on cross-domain systems, economics, and provable safety guarantees.
Applications
  Red Teaming
    - Autonomous Penetration Testing
    - Vulnerability Discovery & Fuzzing
    - Exploit Generation & Adaptation
  Blue Teaming
    - Threat Detection & Incident Response
    - Intelligent Threat Hunting
    - Automated Forensics & RCA
    - Autonomous Patching & Remediation
  Domain-specific
    - Cloud & Infrastructure Security
    - Web & Application Security
    - Specialized Applications
Threats
  Attack Surface
    - Injection Attacks
    - Poisoning & Extraction Attacks
    - Jailbreak Attacks
    - Agent Manipulation Attacks
    - Red-Teaming Attacks
  Evaluation Frameworks
    - Adversarial Benchmarking
    - Execution Environments
Defenses
  Defenses & Operations
    - Secure-by-Designs
    - Multi-Agent Security
    - Runtime Protection
    - Security Operations
  Evaluation Frameworks
    - Benchmarking Platforms
    - Defense Testing
    - Domain Specific
Cross-Cutting Analysis
  Architecture Patterns
  Agent Role Distribution
  LLM Backbones
  Knowledge Sources
  Data Modalities
Future Work