Securing Agentic AI: A Comprehensive Threat Model and Mitigation Framework for Generative AI Agents
Vineeth Sai Narajala, Om Narayan
TL;DR
This work argues that GenAI agents introduce security risks distinct from traditional systems due to autonomy, persistent memory, and tool integration. It proposes ATFAA, a domain-based threat model, and SHIELD, a six-part mitigation framework, to address nine prioritized threats across five domains. The paper combines literature review, theoretical threat modeling, expert validation, and case studies to articulate attacker capabilities and practical defenses, mapping threats to STRIDE while detailing concrete mitigations such as segmentation, heuristic monitoring, and memory integrity checks. The contributions provide a structured security lens tailored to agentic architectures, enabling enterprises to reduce exposure while preserving the transformative potential of GenAI agents. The work emphasizes the need for empirical validation, quantitative risk assessment, and security-by-design practices to ensure safe deployment at scale.
Abstract
As generative AI (GenAI) agents become more common in enterprise settings, they introduce security challenges that differ significantly from those posed by traditional systems. These agents are not just LLMs; they reason, remember, and act, often with minimal human oversight. This paper introduces a comprehensive threat model tailored specifically for GenAI agents, focusing on how their autonomy, persistent memory access, complex reasoning, and tool integration create novel risks. This research work identifies 9 primary threats and organizes them across five key domains: cognitive architecture vulnerabilities, temporal persistence threats, operational execution vulnerabilities, trust boundary violations, and governance circumvention. These threats are not just theoretical they bring practical challenges such as delayed exploitability, cross-system propagation, cross system lateral movement, and subtle goal misalignments that are hard to detect with existing frameworks and standard approaches. To help address this, the research work present two complementary frameworks: ATFAA - Advanced Threat Framework for Autonomous AI Agents, which organizes agent-specific risks, and SHIELD, a framework proposing practical mitigation strategies designed to reduce enterprise exposure. While this work builds on existing work in LLM and AI security, the focus is squarely on what makes agents different and why those differences matter. Ultimately, this research argues that GenAI agents require a new lens for security. If we fail to adapt our threat models and defenses to account for their unique architecture and behavior, we risk turning a powerful new tool into a serious enterprise liability.
