Security Risks of Agentic Vehicles: A Systematic Analysis of Cognitive and Cross-Layer Threats

Ali Eslami, Jiangbo Yu

TL;DR

This work addresses the security implications of agentic AI in both manually driven and autonomous vehicles by introducing a role-based architecture that separates Personal Agent and Driving Strategy Agent from a deterministic Safety Check Layer. It provides a cognitive threat taxonomy aligned with cross-layer vehicle components and analyzes how memory, intent, and deceptive reasoning can propagate to unsafe driving decisions. The study integrates traditional CAV security concerns with agentic vulnerabilities, illustrating cross-layer attack chains and evaluating threat severity across contexts. The findings establish a foundation for principled defenses, monitoring, and future experimental validation in agentic-vehicle security.

Abstract

Agentic AI is increasingly being explored and introduced in both manually driven and autonomous vehicles, leading to the notion of Agentic Vehicles (AgVs), with capabilities such as memory-based personalization, goal interpretation, strategic reasoning, and tool-mediated assistance. While frameworks such as the OWASP Agentic AI Security Risks highlight vulnerabilities in reasoning-driven AI systems, they are not designed for safety-critical cyber-physical platforms such as vehicles, nor do they account for interactions with other layers such as the perception, communication, and control layers. This paper investigates security threats in AgVs, including OWASP-style risks and cyber-attacks from other layers that affect the agentic layer. By introducing a role-based architecture for agentic vehicles, consisting of a Personal Agent and a Driving Strategy Agent, we investigate vulnerabilities within the agentic AI layer as well as cross-layer risks, including risks originating from upstream layers (e.g., the perception and control layers). A severity matrix and attack-chain analysis illustrate how small distortions can escalate into misaligned or unsafe behavior in both human-driven and autonomous vehicles. The resulting framework provides the first structured foundation for analyzing security risks of agentic AI in both current and emerging vehicle platforms.

Paper Structure

This paper contains 53 sections, 3 figures, and 6 tables.

Figures (3)

  • Figure 1: MAS diagram.
  • Figure 2: Comparison of target speeds generated before and after poisoning the PA's memory with a constraint suggesting that the vehicle should not exceed approximately 45 km/h. The poisoning induces large and consistent slowdowns across all scenarios, including urgent ones, while remaining within the SC layer's physical safety limits.
  • Figure 3: Comparison of target speeds generated before and after receiving corrupted information from the infrastructure. As demonstrated, the DSA proposes much reduced speed targets because of the corrupted information it received.
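To make the point of Figure 2 concrete, the following added Python sketch (not the paper's code, data or agent implementation) models the role-based pipeline: a Personal Agent whose memory holds a poisoned entry capping speed at 45 km/h, a deterministic Driving Strategy Agent stand-in that defers to that memory, a Safety Check layer that enforces only physical and legal bounds (so the poisoned target passes), and an assumed differential monitor that re-plans with an empty memory and flags urgent trips that slowed down too much. The scenarios, the DSA stand-in, the physical bound and the monitor tolerance are all constructed assumptions.

```python
from dataclasses import dataclass, field

PHYSICAL_MAX_KMH = 130.0  # assumed physical bound enforced by the SC layer

@dataclass(frozen=True)
class Scenario:
    """Constructed driving context: legal limit and whether the trip is urgent."""
    name: str
    road_limit_kmh: float
    urgent: bool

@dataclass
class PersonalAgent:
    """PA memory as plain records; a poisoned entry looks like any real preference."""
    memory: list = field(default_factory=list)  # e.g. {"max_speed_kmh": 45.0}

    def speed_cap(self):
        caps = [m["max_speed_kmh"] for m in self.memory if "max_speed_kmh" in m]
        return min(caps) if caps else None

def driving_strategy_agent(sc, pa):
    """Deterministic stand-in for the DSA: drive at the limit when urgent,
    10 km/h under it otherwise, and defer to any cap found in PA memory."""
    target = sc.road_limit_kmh if sc.urgent else sc.road_limit_kmh - 10.0
    cap = pa.speed_cap()
    return min(target, cap) if cap is not None else target

def safety_check_layer(target, sc):
    """SC layer: checks physical and legal bounds only, so a 45 km/h target
    on an urgent highway trip passes unchanged."""
    return max(0.0, min(target, PHYSICAL_MAX_KMH, sc.road_limit_kmh))

def run(scenarios, pa):
    return {s.name: safety_check_layer(driving_strategy_agent(s, pa), s) for s in scenarios}

def flag_semantic_drift(scenarios, pa, tolerance_kmh=15.0):
    """Assumed monitor (not from the paper): re-plan with an empty memory and flag
    urgent trips whose memory-influenced target fell by more than the tolerance."""
    baseline, actual = run(scenarios, PersonalAgent()), run(scenarios, pa)
    return sorted(s.name for s in scenarios
                  if s.urgent and baseline[s.name] - actual[s.name] > tolerance_kmh)

SCENARIOS = [Scenario("urban", 50.0, False), Scenario("urban-urgent", 50.0, True),
             Scenario("highway", 100.0, False), Scenario("highway-urgent", 100.0, True)]

if __name__ == "__main__":
    poisoned = PersonalAgent(memory=[{"max_speed_kmh": 45.0}])  # constructed poisoned entry
    print("clean:", run(SCENARIOS, PersonalAgent()))
    print("poisoned:", run(SCENARIOS, poisoned), "flagged:", flag_semantic_drift(SCENARIOS, poisoned))
```

The SC layer accepts every poisoned target because each one is inside its physical and legal envelope; only a check that reasons about context (here, urgency against a memory-free baseline) notices the slowdown.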