Human Society-Inspired Approaches to Agentic AI Security: The 4C Framework
Alsharif Abuadbba, Nazatul Sultan, Surya Nepal, Sanjay Jha
TL;DR
This work addresses the security challenges of agentic AI operating in open, cross‑organizational environments by introducing the 4C Framework, a human‑inspired, four‑layer model that organizes risks across Core (execution environment and assets), Connection (trust and delegation), Cognition (beliefs and goals), and Compliance (governance and ethics). It argues that traditional model‑centered security is insufficient for managing autonomous, interacting agents whose behaviors can drift or cascade across ecosystems. The paper provides a taxonomy of threat classes and mitigations for each layer, illustrating how security must protect behavioral integrity and intent, not just surface assets. By linking technical controls with governance and societal analogues, the 4C framework offers a principled foundation for building trustworthy, governable agentic AI systems with realistic cross‑layer evaluation and oversight.
Abstract
AI is moving from domain-specific autonomy in closed, predictable settings to large-language-model-driven agents that plan and act in open, cross-organizational environments. As a result, the cybersecurity risk landscape is changing in fundamental ways. Agentic AI systems can plan, act, collaborate, and persist over time, functioning as participants in complex socio-technical ecosystems rather than as isolated software components. Although recent work has strengthened defenses against model and pipeline level vulnerabilities such as prompt injection, data poisoning, and tool misuse, these system centric approaches may fail to capture risks that arise from autonomy, interaction, and emergent behavior. This article introduces the 4C Framework for multi-agent AI security, inspired by societal governance. It organizes agentic risks across four interdependent dimensions: Core (system, infrastructure, and environmental integrity), Connection (communication, coordination, and trust), Cognition (belief, goal, and reasoning integrity), and Compliance (ethical, legal, and institutional governance). By shifting AI security from a narrow focus on system-centric protection to the broader preservation of behavioral integrity and intent, the framework complements existing AI security strategies and offers a principled foundation for building agentic AI systems that are trustworthy, governable, and aligned with human values.
