TRiSM for Agentic AI: A Review of Trust, Risk, and Security Management in LLM-based Agentic Multi-Agent Systems

TL;DR

This survey tackles the gap in TRiSM (Trust, Risk, and Security Management) for AMAS, arguing that autonomous, LLM-powered multi-agent systems introduce system-wide risks beyond traditional AI. It proposes a unified TRiSM framework tailored to AMAS with pillars for Explainability, ModelOps, Security, Privacy, and Lifecycle Governance, complemented by CSS and TUE metrics to evaluate inter-agent coordination and tool use. The work offers a risk taxonomy, a multi-dimensional evaluation scheme, and guidance on security/privacy controls, governance alignment, and regulatory compliance such as EU AI Act and NIST RMF. The proposed roadmap emphasizes adversarial robustness, governance routines, standardized benchmarks, and human-in-the-loop oversight to enable safe, transparent, and accountable agentic AI deployments in sensitive domains.

Abstract

Agentic AI systems, built upon large language models (LLMs) and deployed in multi-agent configurations, are redefining intelligence, autonomy, collaboration, and decision-making across enterprise and societal domains. This review presents a structured analysis of Trust, Risk, and Security Management (TRiSM) in the context of LLM-based Agentic Multi-Agent Systems (AMAS). We begin by examining the conceptual foundations of Agentic AI and highlight its architectural distinctions from traditional AI agents. We then adapt and extend the AI TRiSM framework for Agentic AI, structured around key pillars: \textit{ Explainability, ModelOps, Security, Privacy} and \textit{their Lifecycle Governance}, each contextualized to the challenges of AMAS. A risk taxonomy is proposed to capture the unique threats and vulnerabilities of Agentic AI, ranging from coordination failures to prompt-based adversarial manipulation. To support practical assessment in Agentic AI works, we introduce two novel metrics: the Component Synergy Score (CSS), which quantifies the quality of inter-agent collaboration, and the Tool Utilization Efficacy (TUE), which evaluates the efficiency of tool use within agent workflows. We further discuss strategies for improving explainability in Agentic AI, as well as approaches to enhancing security and privacy through encryption, adversarial robustness, and regulatory compliance. The review concludes with a research roadmap for the responsible development and deployment of Agentic AI, highlighting key directions to align emerging systems with TRiSM principles-ensuring safety, transparency, and accountability in their operation.

Figures (14)

• Figure 1: Agentic AI research growth on arXiv (2019--2024), showing multi-agent systems and LLM-based agent publications with marked acceleration following ChatGPT's release in November 2022.
• Figure 2: Google search interest for "AI Agents" vs "Agentic AI" (2022--2024), illustrating rising public awareness with key milestones including ChatGPT launch and Gartner's recognition of Agentic AI as the top technology trend for 2025.
• Figure 3: Publication landscape: (a) Long-term trends showing accelerating research output over four decades; (b) Distribution of publication types, with journal articles dominating at 61.2%.
• Figure 4: Publication outlets: (a) Top venues including NeurIPS, ACM Computing Surveys, and AAAI; (b) Publisher distribution led by Elsevier, Springer, and IEEE.
• Figure 5: Research themes and evolution: (a) Word cloud highlighting key topics including large language models, multi-agent systems, security, and explainability; (b) Temporal distribution of publication types.