survey 2026

Agentic AI as a Cybersecurity Attack Surface: Threats, Exploits, and Defenses in Runtime Supply Chains

Xiaochong Jiang 1, Shiqi Yang 2, Wenting Yang 3, Yichen Liu 3, Cheng Ji 4

0 citations · 44 references · arXiv (Cornell University)

Published on arXiv: 2602.19555

OWASP LLM Top 10 mappings:

  • Prompt Injection (LLM01)
  • Insecure Plugin Design (LLM07)
  • Excessive Agency (LLM08)

Key Finding

Identifies the Viral Agent Loop as a structurally novel threat enabling self-propagating AI worms through cyclic agentic execution, distinct from classical prompt injection or code-level exploits.

Novel technique introduced: Viral Agent Loop


Agentic systems built on large language models (LLMs) extend beyond text generation to autonomously retrieve information and invoke tools. This runtime execution model shifts the attack surface from build-time artifacts to inference-time dependencies, exposing agents to manipulation through untrusted data and probabilistic capability resolution. While prior work has focused on model-level vulnerabilities, security risks emerging from cyclic and interdependent runtime behavior remain fragmented. We systematize these risks within a unified runtime framework, categorizing threats into data supply chain attacks (transient context injection and persistent memory poisoning) and tool supply chain attacks (discovery, implementation, and invocation). We further identify the Viral Agent Loop, in which agents act as vectors for self-propagating generative worms without exploiting code-level flaws. Finally, we advocate a Zero-Trust Runtime Architecture that treats context as untrusted control flow and constrains tool execution through cryptographic provenance rather than semantic inference.


Key Contributions

  • Unified runtime supply chain framework categorizing agentic LLM threats into data supply chain attacks (context injection, memory poisoning) and tool supply chain attacks (discovery, implementation, invocation)
  • Introduction of the Viral Agent Loop — a self-propagating generative worm pattern where agent outputs re-enter as tainted context, enabling persistent compromise without code-level exploits
  • Proposal of a Zero-Trust Runtime Architecture using cryptographic provenance for tool execution rather than relying on semantic inference
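The abstract and the third contribution describe a Zero-Trust Runtime Architecture in which context is treated as untrusted control flow and tool execution is constrained by cryptographic provenance rather than by the model's own semantic judgement. The following is an added illustrative example, not code from the paper or its authors. It assumes a hypothetical agent runtime where every tool manifest is signed by a registry key held outside the agent (HMAC-SHA256 stands in for a real signature scheme), where the runtime, not the model, labels each tool-call request with its origin, and where the gate refuses anything that is unsigned, unknown, outside the signed argument schema, or traced back to retrieved text.

```python
"""Provenance-gated tool dispatch for an LLM agent runtime (illustrative, added example).

Assumptions (hypothetical, not from the paper): a registry signs each tool
manifest; the runtime attaches an 'origin' label to every tool-call request
based on where the request came from (planner output vs. retrieved context).
"""
import hashlib
import hmac
import json

# Constructed demo signing key. In a real deployment it lives with the
# registry / CI pipeline, never inside the agent's context window.
REGISTRY_KEY = b"demo-registry-signing-key"


def canonical(manifest: dict) -> bytes:
    """Deterministic JSON encoding so the MAC covers exactly one byte string."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest: dict, key: bytes = REGISTRY_KEY) -> str:
    """Registry side: MAC over the canonical manifest (stand-in for a signature)."""
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


class ProvenanceError(Exception):
    pass


class ToolGate:
    """Runtime side: only signed tools run, only from the planner, only with declared args."""

    def __init__(self, key: bytes = REGISTRY_KEY):
        self._key = key
        self._tools = {}  # tool name -> (manifest, implementation)

    def register(self, manifest: dict, signature: str, impl) -> None:
        expected = sign_manifest(manifest, self._key)
        if not hmac.compare_digest(expected, signature):
            raise ProvenanceError(f"manifest for {manifest.get('name')!r} has no valid signature")
        self._tools[manifest["name"]] = (manifest, impl)

    def dispatch(self, call: dict, origin: str):
        # 1. Context is data, not control flow: a request the runtime traced back
        #    to retrieved or otherwise untrusted text is never executed.
        if origin != "planner":
            raise ProvenanceError(f"tool call from untrusted origin {origin!r} refused")
        # 2. Capability resolution is by exact registered name, not by similarity.
        entry = self._tools.get(call["tool"])
        if entry is None:
            raise ProvenanceError(f"unknown or unsigned tool {call['tool']!r}")
        manifest, impl = entry
        # 3. Arguments must match the signed schema; undeclared ones are refused.
        args = call.get("args", {})
        extra = set(args) - set(manifest["params"])
        if extra:
            raise ProvenanceError(f"undeclared arguments {sorted(extra)} for {call['tool']!r}")
        return impl(**args)


# --- constructed demo -------------------------------------------------------

def web_search(query: str) -> str:
    """Stand-in tool implementation."""
    return f"results for {query!r}"


SEARCH_MANIFEST = {"name": "web_search", "version": "1.0", "params": ["query"]}


def run_demo() -> dict:
    """Returns which of four representative requests the gate accepted or refused."""
    gate = ToolGate()
    gate.register(SEARCH_MANIFEST, sign_manifest(SEARCH_MANIFEST), web_search)
    outcomes = {}

    # Legitimate planner call to a signed tool with a declared argument.
    outcomes["planner_search"] = gate.dispatch(
        {"tool": "web_search", "args": {"query": "agent security"}}, origin="planner")

    # Same tool requested by text that came back from a retrieved document.
    try:
        gate.dispatch({"tool": "web_search", "args": {"query": "x"}}, origin="context")
        outcomes["context_search"] = "accepted"
    except ProvenanceError:
        outcomes["context_search"] = "refused"

    # Lookalike tool discovered at runtime with a manifest nobody signed.
    rogue = {"name": "web_search_v2", "version": "1.0", "params": ["query", "upload_to"]}
    try:
        gate.register(rogue, "0" * 64, web_search)  # constructed bogus signature
        outcomes["unsigned_tool"] = "accepted"
    except ProvenanceError:
        outcomes["unsigned_tool"] = "refused"

    # Planner call to a signed tool, but with an argument outside the signed schema.
    try:
        gate.dispatch({"tool": "web_search",
                       "args": {"query": "x", "upload_to": "http://example.invalid"}},
                      origin="planner")
        outcomes["undeclared_arg"] = "accepted"
    except ProvenanceError:
        outcomes["undeclared_arg"] = "refused"
    return outcomes


if __name__ == "__main__":
    print(run_demo())
```

The design point is that none of the three checks asks the model whether a call looks reasonable: the signature fixes the tool's identity and argument schema at registration, the origin label is set by the runtime from data-flow tracking rather than from message content, and unknown names fail closed instead of being resolved to the nearest match.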

🛡️ Threat Analysis

Details

  • Domains: nlp
  • Model Types: llm
  • Threat Tags: inference_time, black_box
  • Applications: llm agents, tool-integrated llms, autonomous ai agents