A Survey on Agentic Security: Applications, Threats and Defenses
Asif Shahriar 1, Md Nafiu Rahman 1, Sadif Ahmed 1, Farig Yousuf Sadeque 1, Md Rizwan Parvez 2
Published on arXiv: 2510.06445
Threat categories covered:
- Prompt Injection (OWASP LLM Top 10 — LLM01)
- Excessive Agency (OWASP LLM Top 10 — LLM08)
- Insecure Plugin Design (OWASP LLM Top 10 — LLM07)
Key Finding
Identifies prompt injection, excessive agency, and insecure tool use as the dominant unsolved threats in agentic systems, with critical gaps in non-GPT model coverage and benchmark standardization.
In this work we present the first holistic survey of the agentic security landscape, structuring the field around three fundamental pillars: Applications, Threats, and Defenses. We provide a comprehensive taxonomy of over 160 papers, explaining how agents are used in downstream cybersecurity applications, inherent threats to agentic systems, and countermeasures designed to protect them. A detailed cross-cutting analysis shows emerging trends in agent architecture while revealing critical research gaps in model and modality coverage. A complete and continuously updated list of all surveyed papers is publicly available at https://github.com/kagnlp/Awesome-Agentic-Security.
Key Contributions
- First holistic three-pillar taxonomy of agentic security spanning Applications, Threats, and Defenses across 160+ papers
- Detailed review of how LLM agents are deployed in offensive (red-team), defensive (blue-team), and domain-specific cybersecurity tasks — an area overlooked by prior surveys
- Cross-cutting analysis identifying trends (monolithic-to-planner-executor migration, GPT backbone monopoly) and critical research gaps (modality coverage, benchmark fragmentation)