A Survey on Agentic Security: Applications, Threats and Defenses

Asif Shahriar, Md Nafiu Rahman, Sadif Ahmed, Farig Sadeque, Md Rizwan Parvez

TL;DR

This survey defines a holistic framework for agentic security by organizing the literature into three pillars: Applications, Threats, and Defenses. It details how LLM-based agents are used for offensive red-teaming, defensive blue-teaming, and domain-specific tasks, while cataloging a broad spectrum of attack surfaces (injection, poisoning, jailbreaking, manipulation, and pre-execution cognition) and corresponding hardening strategies (secure-by-design, multi-agent security, and runtime guardrails). Through cross-cutting analysis, the paper identifies key trends such as the shift toward planner–executor architectures, predominant use of GPT-family models, and uneven coverage of modalities and knowledge sources, along with benchmark fragmentation. The contributions include a comprehensive taxonomy, synthesis of architectural patterns, and a set of evaluation platforms and domain-specific frameworks that collectively advance practical, provable-safety approaches for agentic security. The work aims to provide researchers and practitioners with a unified, actionable reference to design, assess, and harden autonomous security agents in real-world settings.

Abstract

In this work we present the first holistic survey of the agentic security landscape, structuring the field around three fundamental pillars: Applications, Threats, and Defenses. We provide a comprehensive taxonomy of over 160 papers, explaining how agents are used in downstream cybersecurity applications, inherent threats to agentic systems, and countermeasures designed to protect them. A detailed cross-cutting analysis shows emerging trends in agent architecture while revealing critical research gaps in model and modality coverage. A complete and continuously updated list of all surveyed papers is publicly available at https://github.com/kagnlp/Awesome-Agentic-Security.

Paper Structure

This paper contains 45 sections, 2 figures, 3 tables.

Figures (2)

  • Figure 1: Overview of Agentic Security Taxonomy
  • Figure 2: Cross-cutting analysis of agent architectures, roles, backbones, knowledge sources, and data modalities.