Longterm Wiki

comprehensive study on agent security

paper

Authors

Yifeng He·Ethan Wang·Yuyang Rong·Zifei Cheng·Hao Chen

Credibility Rating

3/5 (Good)

Good quality. Reputable source with community review or editorial standards, but less rigorous than peer-reviewed venues.

Rating inherited from publication venue: arXiv

A 2024 UC Davis paper systematically cataloging security vulnerabilities in LLM-based AI agents, relevant to researchers and practitioners deploying agentic systems in real-world environments.

Paper Details

Citations: 25 (1 influential)
Year: 2024

Metadata

Importance: 62/100 · arXiv preprint · primary source

Abstract

AI agents have been boosted by large language models. AI agents can function as intelligent assistants and complete tasks on behalf of their users with access to tools and the ability to execute commands in their environments. Through studying and experiencing the workflow of typical AI agents, we have raised several concerns regarding their security. These potential vulnerabilities are not addressed by the frameworks used to build the agents, nor by research aimed at improving the agents. In this paper, we identify and describe these vulnerabilities in detail from a system security perspective, emphasizing their causes and severe effects. Furthermore, we introduce defense mechanisms corresponding to each vulnerability with design and experiments to evaluate their viability. Altogether, this paper contextualizes the security issues in the current development of AI agents and delineates methods to make AI agents safer and more reliable.

Summary

This paper provides a comprehensive security analysis of LLM-based AI agents, identifying critical vulnerabilities arising from their tool-use and command-execution capabilities. The authors examine these vulnerabilities from a system security perspective and propose corresponding defense mechanisms, evaluating their effectiveness experimentally.

Key Points

  • Identifies and categorizes novel security vulnerabilities unique to LLM-based agents that existing frameworks and research do not adequately address.
  • Analyzes the full agent development workflow from a system security lens, detailing root causes and potential impacts of each vulnerability.
  • Proposes and experimentally evaluates defense mechanisms tailored to each identified vulnerability.
  • Highlights that agent tool-use and environment interaction create attack surfaces absent in standalone LLMs, including prompt injection and command execution risks.
  • Contextualizes AI agent security within the broader landscape of AI safety, bridging cybersecurity and AI research communities.
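To make the tool-use attack surface from the key points concrete, here is an added example (not code from the paper or its authors) of the prompt -> model -> action -> tool -> feedback loop that the paper's introduction describes, with a tool registry and a command allowlist as the defensive check; the scripted model, the two tool names and the allowlist contents are assumptions.

```python
# Minimal LLM-agent loop with a tool allowlist. Added illustration, not code from
# the paper: the model stub, the tools and the allowlist policy are assumptions.
import shlex
from typing import Callable

ALLOWED_BINARIES = {"echo"}  # assumption: binaries the run tool may invoke

def tool_search(query: str) -> str:
    # Constructed stand-in for a request to a remote search engine.
    return f"[search] 3 results for {query!r}"

def tool_run(cmd: str) -> str:
    # Command execution gated by an allowlist: parse with shlex (never shell=True)
    # and refuse anything whose binary is not explicitly permitted.
    argv = shlex.split(cmd)
    if not argv or argv[0] not in ALLOWED_BINARIES:
        raise PermissionError(f"binary not allowed: {argv[0] if argv else ''}")
    return f"[exec] ran {argv}"  # constructed: no real process is spawned here

TOOLS: dict[str, Callable[[str], str]] = {"search": tool_search, "run": tool_run}

def step(action: dict) -> str:
    """Dispatch one model-emitted action; every refusal becomes an observation."""
    name, arg = action.get("tool"), action.get("arg", "")
    if name not in TOOLS:
        return f"[denied] unknown tool {name!r}"
    try:
        return TOOLS[name](arg)
    except PermissionError as exc:
        return f"[denied] {exc}"

def run_agent(model: Callable[[list[str]], dict], max_steps: int = 5) -> list[str]:
    """The loop from the introduction: prompt -> model -> action -> tool -> feedback."""
    trace: list[str] = []
    for _ in range(max_steps):
        action = model(trace)
        if "final" in action:
            trace.append(f"[final] {action['final']}")
            break
        # Tool output returns to the model labelled as data, not instructions: this
        # is where prompt injection carried by tool results would otherwise land.
        trace.append(f"[tool-output, untrusted] {step(action)}")
    return trace

def scripted_model(trace: list[str]) -> dict:
    # Constructed stub standing in for the LLM: emits a fixed action sequence.
    script = [{"tool": "search", "arg": "AI agent security"},
              {"tool": "run", "arg": "uname -a"},  # not allowlisted -> denied
              {"tool": "run", "arg": "echo done"},
              {"final": "task complete"}]
    return script[len(trace)]
```

The second scripted action is refused because its binary is not in the allowlist, and the refusal is fed back to the model as an ordinary observation rather than aborting the run.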

Cited by 1 page

| Page | Type | Quality |
|---|---|---|
| Tool Use and Computer Use | Capability | 67.0 |

Cached Content Preview

HTTP 200 · Fetched Mar 20, 2026 · 72 KB

[License: CC BY 4.0](https://info.arxiv.org/help/license/index.html#licenses-available)

arXiv:2406.08689v2 [cs.CR] 20 Jun 2024


# Security of AI Agents

Yifeng He (UC Davis, Davis, USA), yfhe@ucdavis.edu
Ethan Wang (UC Davis, Davis, USA), ebwang@ucdavis.edu
Yuyang Rong (UC Davis, Davis, USA), PeterRong96@gmail.com
Zifei Cheng (UC Davis, Davis, USA), zfcheng@ucdavis.edu
Hao Chen (UC Davis, Davis, USA), chen@ucdavis.edu

###### Abstract


The study and development of AI agents have been boosted by large language models.
AI agents can function as intelligent assistants and complete tasks on behalf of their users
with access to tools and the ability to execute commands in their environments.
Through studying and experiencing the workflow of typical AI agents,
we have raised several concerns regarding their security.
These potential vulnerabilities are not addressed by the frameworks used to build the agents,
nor by research aimed at improving the agents.
In this paper, we identify and describe these vulnerabilities in detail from a system security perspective,
emphasizing their causes and severe effects.
Furthermore, we introduce defense mechanisms corresponding to each vulnerability with meticulous design and experiments to evaluate their viability.
Altogether, this paper contextualizes the security issues in the current development of AI agents
and delineates methods to make AI agents safer and more reliable.


## 1 Introduction


AI agents are robots in cyberspace, executing tasks on behalf of their users.
To understand their user’s command,
they send the input prompts as requests to foundation AI models, such as large language models (LLMs).
The responses generated by the model may contain the final actions of the agent or further instructions.
To execute the _actions_, the agent invokes _tools_,
which may run local computations or send requests to remote hosts, such as querying search engines.
The tools return their results as feedback to the AI model for the next round of actions.
By invoking tools, AI agents are granted the ability to interact with the real world.
Since AI agents depend on their AI model to understand user input

... (truncated, 72 KB total)