{"id":"https://openalex.org/W7160522594","doi":"https://doi.org/10.1007/s11416-026-00622-3","title":"Securing LLM-based agents against cyberattacks: a comprehensive survey on attack techniques and defense strategies","display_name":"Securing LLM-based agents against cyberattacks: a comprehensive survey on attack techniques and defense strategies","publication_year":2026,"publication_date":"2026-05-07","ids":{"openalex":"https://openalex.org/W7160522594","doi":"https://doi.org/10.1007/s11416-026-00622-3"},"language":"en","primary_location":{"id":"doi:10.1007/s11416-026-00622-3","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s11416-026-00622-3","pdf_url":"https://link.springer.com/content/pdf/10.1007/s11416-026-00622-3.pdf","source":{"id":"https://openalex.org/S2764922190","display_name":"Journal of Computer Virology and Hacking Techniques","issn_l":"2263-8733","issn":["2263-8733"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Virology and Hacking Techniques","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007/s11416-026-00622-3.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5033761676","display_name":"Nyashadzashe Tamuka","orcid":"https://orcid.org/0000-0003-3391-7010"},"institutions":[{"id":"https://openalex.org/I137616099","display_name":"Tshwane University of Technology","ror":"https://ror.org/037mrss42","country_code":"ZA","type":"education","lineage":["https://openalex.org/I137616099"]}],"countries":["ZA"],"is_corresponding":true,"raw_author_name":"Nyashadzashe Tamuka","raw_affiliation_strings":["Department of Information Technology, Tshwane University of Technology, Pretoria, South Africa"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Information Technology, Tshwane University of Technology, Pretoria, South Africa","institution_ids":["https://openalex.org/I137616099"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068434545","display_name":"Topside E. Mathonsi","orcid":"https://orcid.org/0000-0002-0439-7186"},"institutions":[{"id":"https://openalex.org/I137616099","display_name":"Tshwane University of Technology","ror":"https://ror.org/037mrss42","country_code":"ZA","type":"education","lineage":["https://openalex.org/I137616099"]}],"countries":["ZA"],"is_corresponding":false,"raw_author_name":"Topside Ehleketani Mathonsi","raw_affiliation_strings":["Department of Information Technology, Tshwane University of Technology, Pretoria, South Africa"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Information Technology, Tshwane University of Technology, Pretoria, South Africa","institution_ids":["https://openalex.org/I137616099"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022841570","display_name":"Olwal Thomas Otieno","orcid":null},"institutions":[{"id":"https://openalex.org/I137616099","display_name":"Tshwane University of Technology","ror":"https://ror.org/037mrss42","country_code":"ZA","type":"education","lineage":["https://openalex.org/I137616099"]}],"countries":["ZA"],"is_corresponding":false,"raw_author_name":"Olwal Thomas Otieno","raw_affiliation_strings":["Department of Electrical Engineering, Tshwane University of Technology, Pretoria, South Africa"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering, Tshwane University of Technology, Pretoria, South Africa","institution_ids":["https://openalex.org/I137616099"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135564131","display_name":"Solly Maswikaneng","orcid":null},"institutions":[{"id":"https://openalex.org/I137616099","display_name":"Tshwane University of Technology","ror":"https://ror.org/037mrss42","country_code":"ZA","type":"education","lineage":["https://openalex.org/I137616099"]}],"countries":["ZA"],"is_corresponding":false,"raw_author_name":"Solly Maswikaneng","raw_affiliation_strings":["Department of Information Technology, Tshwane University of Technology, Pretoria, South Africa"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Information Technology, Tshwane University of Technology, Pretoria, South Africa","institution_ids":["https://openalex.org/I137616099"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058915745","display_name":"Tonderai Muchenje","orcid":"https://orcid.org/0000-0002-0181-2655"},"institutions":[{"id":"https://openalex.org/I137616099","display_name":"Tshwane University of Technology","ror":"https://ror.org/037mrss42","country_code":"ZA","type":"education","lineage":["https://openalex.org/I137616099"]}],"countries":["ZA"],"is_corresponding":false,"raw_author_name":"Tonderai Muchenje","raw_affiliation_strings":["Department of Information Technology, Tshwane University of Technology, Pretoria, South Africa"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Information Technology, Tshwane University of Technology, Pretoria, South Africa","institution_ids":["https://openalex.org/I137616099"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5013186512","display_name":"Tshimangadzo M. Tshilongamulenzhe","orcid":null},"institutions":[{"id":"https://openalex.org/I137616099","display_name":"Tshwane University of Technology","ror":"https://ror.org/037mrss42","country_code":"ZA","type":"education","lineage":["https://openalex.org/I137616099"]}],"countries":["ZA"],"is_corresponding":false,"raw_author_name":"Tshimangadzo Mavin Tshilongamulenzhe","raw_affiliation_strings":["Department of Information Technology, Tshwane University of Technology, Pretoria, South Africa"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Information Technology, Tshwane University of Technology, Pretoria, South Africa","institution_ids":["https://openalex.org/I137616099"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5033761676"],"corresponding_institution_ids":["https://openalex.org/I137616099"],"apc_list":{"value":2390,"currency":"EUR","value_usd":2990},"apc_paid":{"value":2390,"currency":"EUR","value_usd":2990},"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.55131564,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"22","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.32600000500679016,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.32600000500679016,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.05119999870657921,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.04280000180006027,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5770999789237976},{"id":"https://openalex.org/keywords/covert","display_name":"Covert","score":0.5692999958992004},{"id":"https://openalex.org/keywords/resilience","display_name":"Resilience (materials science)","score":0.5324000120162964},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.4880000054836273},{"id":"https://openalex.org/keywords/adaptation","display_name":"Adaptation (eye)","score":0.44679999351501465},{"id":"https://openalex.org/keywords/action","display_name":"Action (physics)","score":0.43790000677108765},{"id":"https://openalex.org/keywords/autonomy","display_name":"Autonomy","score":0.376800000667572},{"id":"https://openalex.org/keywords/attack-surface","display_name":"Attack surface","score":0.36550000309944153}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.807200014591217},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6938999891281128},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5770999789237976},{"id":"https://openalex.org/C2779338814","wikidata":"https://www.wikidata.org/wiki/Q5179285","display_name":"Covert","level":2,"score":0.5692999958992004},{"id":"https://openalex.org/C2779585090","wikidata":"https://www.wikidata.org/wiki/Q3457762","display_name":"Resilience (materials science)","level":2,"score":0.5324000120162964},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.4880000054836273},{"id":"https://openalex.org/C139807058","wikidata":"https://www.wikidata.org/wiki/Q352374","display_name":"Adaptation (eye)","level":2,"score":0.44679999351501465},{"id":"https://openalex.org/C2780791683","wikidata":"https://www.wikidata.org/wiki/Q846785","display_name":"Action (physics)","level":2,"score":0.43790000677108765},{"id":"https://openalex.org/C65414064","wikidata":"https://www.wikidata.org/wiki/Q484105","display_name":"Autonomy","level":2,"score":0.376800000667572},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.36550000309944153},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3294999897480011},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.3237000107765198},{"id":"https://openalex.org/C2776505523","wikidata":"https://www.wikidata.org/wiki/Q4785468","display_name":"Plan (archaeology)","level":2,"score":0.29910001158714294},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.2980000078678131},{"id":"https://openalex.org/C2778464652","wikidata":"https://www.wikidata.org/wiki/Q309849","display_name":"Open research","level":2,"score":0.2888000011444092},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.27790001034736633},{"id":"https://openalex.org/C2780264999","wikidata":"https://www.wikidata.org/wiki/Q7445032","display_name":"Security domain","level":2,"score":0.26190000772476196},{"id":"https://openalex.org/C177148314","wikidata":"https://www.wikidata.org/wiki/Q170084","display_name":"Generalization","level":2,"score":0.26109999418258667},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.25870001316070557},{"id":"https://openalex.org/C13687954","wikidata":"https://www.wikidata.org/wiki/Q4826847","display_name":"Autonomous agent","level":2,"score":0.2547999918460846}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/s11416-026-00622-3","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s11416-026-00622-3","pdf_url":"https://link.springer.com/content/pdf/10.1007/s11416-026-00622-3.pdf","source":{"id":"https://openalex.org/S2764922190","display_name":"Journal of Computer Virology and Hacking Techniques","issn_l":"2263-8733","issn":["2263-8733"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Virology and Hacking Techniques","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1007/s11416-026-00622-3","is_oa":true,"landing_page_url":"https://doi.org/10.1007/s11416-026-00622-3","pdf_url":"https://link.springer.com/content/pdf/10.1007/s11416-026-00622-3.pdf","source":{"id":"https://openalex.org/S2764922190","display_name":"Journal of Computer Virology and Hacking Techniques","issn_l":"2263-8733","issn":["2263-8733"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Virology and Hacking Techniques","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.7396501898765564,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320324695","display_name":"Tshwane University of Technology","ror":"https://ror.org/037mrss42"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W7160522594.pdf","grobid_xml":"https://content.openalex.org/works/W7160522594.grobid-xml"},"referenced_works_count":36,"referenced_works":["https://openalex.org/W2952419531","https://openalex.org/W2963635116","https://openalex.org/W4315498031","https://openalex.org/W4389544300","https://openalex.org/W4400236709","https://openalex.org/W4402670146","https://openalex.org/W4403577333","https://openalex.org/W4403937515","https://openalex.org/W4404780882","https://openalex.org/W4405267222","https://openalex.org/W4406892424","https://openalex.org/W4407030419","https://openalex.org/W4407922851","https://openalex.org/W4409150456","https://openalex.org/W4409362915","https://openalex.org/W4410202262","https://openalex.org/W4411113295","https://openalex.org/W4411337932","https://openalex.org/W4411492256","https://openalex.org/W4411550852","https://openalex.org/W4411635779","https://openalex.org/W4412106733","https://openalex.org/W4412565786","https://openalex.org/W4412660237","https://openalex.org/W4413908774","https://openalex.org/W4415271252","https://openalex.org/W4415689913","https://openalex.org/W7084118528","https://openalex.org/W7117481868","https://openalex.org/W7118168534","https://openalex.org/W7118532765","https://openalex.org/W7123347542","https://openalex.org/W7125146810","https://openalex.org/W7128505394","https://openalex.org/W7154085605","https://openalex.org/W7160153835"],"related_works":[],"abstract_inverted_index":{"Abstract":[0],"Large":[1],"Language":[2],"Model":[3],"(LLM)-based":[4],"agents":[5,58,154,207],"integrate":[6],"various":[7,64],"models,":[8],"including":[9,82],"planning":[10],"loops,":[11],"memory,":[12],"tool":[13],"use,":[14],"and":[15,59,72,74,84,88,96,98,114,120,122,140,158,169,181,200],"multi-agent":[16],"systems,":[17],"enabling":[18],"autonomous":[19],"decision-making":[20],"through":[21],"natural-language":[22],"interfaces.":[23],"This":[24,47],"autonomy":[25],"also":[26],"expands":[27],"the":[28,78],"cyberattack":[29],"surface":[30],"from":[31,163],"model-only":[32],"failures":[33],"to":[34,77,166],"agent":[35,198],"compromise,":[36],"where":[37],"untrusted":[38],"text":[39],"can":[40,156],"exfiltrate":[41],"data":[42],"or":[43],"trigger":[44],"malicious":[45],"actions.":[46],"survey":[48],"presents":[49],"a":[50,60,132,141],"taxonomy-driven":[51],"synthesis":[52],"of":[53,63,135,144,187],"security":[54,160,194],"threats":[55],"targeting":[56],"LLM-based":[57],"structured":[61],"review":[62],"studies,":[65],"summarizing":[66],"each":[67],"work\u2019s":[68],"aims,":[69],"methods,":[70],"results,":[71],"limitations":[73],"mapping":[75],"them":[76],"proposed":[79],"taxonomy.":[80],"Attacks,":[81],"context":[83],"prompt":[85,189],"manipulation,":[86],"jailbreak":[87],"cognition":[89],"attacks,":[90,92,190],"privacy":[91],"agentic":[93],"action":[94],"induction":[95],"availability,":[97],"reconnaissance":[99],"threats,":[100],"were":[101,131],"categorized.":[102],"The":[103,128],"widely":[104],"adopted":[105],"defenses":[106],"are":[107],"classified":[108],"into":[109],"prompt/input":[110],"sanitization,":[111],"adversarial":[112],"training":[113],"alignment":[115],"tuning,":[116],"architectural":[117],"safeguards,":[118],"monitoring":[119],"guardrails,":[121],"watermarking/provenance":[123],"mechanisms":[124],"for":[125,203],"source":[126],"verification.":[127],"persistent":[129],"gaps":[130],"weak":[133],"generalization":[134],"defense":[136],"under":[137,176],"attacker":[138],"adaptation":[139],"limited":[142],"evaluation":[143],"agent-tool":[145],"interaction":[146],"risk.":[147],"Since":[148],"real":[149,209],"deployments":[150],"increasingly":[151],"rely":[152],"on":[153],"that":[155,173],"remember":[157],"act,":[159],"must":[161],"shift":[162],"single-model":[164],"filtering":[165],"system-level,":[167],"benchmarked,":[168],"continuously":[170],"tested":[171],"controls":[172],"measure":[174],"resilience":[175],"adaptive":[177],"attackers.":[178],"Open":[179],"challenges":[180],"research":[182],"directions":[183],"include":[184],"robust":[185],"detection":[186],"covert":[188],"continuous":[191],"red-teaming,":[192],"measurable":[193],"utility":[195],"trade-offs,":[196],"provenance-aware":[197],"pipelines,":[199],"standardized":[201],"protocols":[202],"evaluating":[204],"secure":[205],"LLM":[206],"in":[208],"deployments.":[210]},"counts_by_year":[],"updated_date":"2026-06-20T20:08:15.867695","created_date":"2026-05-08T00:00:00"}
