{"id":"https://openalex.org/W4407236106","doi":"https://doi.org/10.1145/3716628","title":"AI Agents Under Threat: A Survey of Key Security Challenges and Future Pathways","display_name":"AI Agents Under Threat: A Survey of Key Security Challenges and Future Pathways","publication_year":2025,"publication_date":"2025-02-07","ids":{"openalex":"https://openalex.org/W4407236106","doi":"https://doi.org/10.1145/3716628"},"language":"en","primary_location":{"id":"doi:10.1145/3716628","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3716628","pdf_url":null,"source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"},"type":"review","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5113230472","display_name":"Zehang Deng","orcid":null},"institutions":[{"id":"https://openalex.org/I57093077","display_name":"Swinburne University of Technology","ror":"https://ror.org/031rekg67","country_code":"AU","type":"education","lineage":["https://openalex.org/I57093077"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Zehang Deng","raw_affiliation_strings":["Department of Computer Science and Software Engineering, Swinburne University of Technology, Hawthorn, Australia"],"raw_orcid":"https://orcid.org/0009-0000-5469-0762","affiliations":[{"raw_affiliation_string":"Department of Computer Science and Software Engineering, Swinburne University of Technology, Hawthorn, Australia","institution_ids":["https://openalex.org/I57093077"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114173920","display_name":"Yongjian Guo","orcid":null},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yongjian Guo","raw_affiliation_strings":["Tsinghua University, Beijing, China","Tsinghua University,  Beijing, China"],"raw_orcid":"https://orcid.org/0009-0006-9279-3010","affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]},{"raw_affiliation_string":"Tsinghua University,  Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5104322146","display_name":"Changzhou Han","orcid":null},"institutions":[{"id":"https://openalex.org/I57093077","display_name":"Swinburne University of Technology","ror":"https://ror.org/031rekg67","country_code":"AU","type":"education","lineage":["https://openalex.org/I57093077"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Changzhou Han","raw_affiliation_strings":["Department of Computer Science and Software Engineering, Swinburne University of Technology, Hawthorn, Australia"],"raw_orcid":"https://orcid.org/0009-0003-7253-8176","affiliations":[{"raw_affiliation_string":"Department of Computer Science and Software Engineering, Swinburne University of Technology, Hawthorn, Australia","institution_ids":["https://openalex.org/I57093077"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011383481","display_name":"Wanlun Ma","orcid":"https://orcid.org/0000-0002-6305-1740"},"institutions":[{"id":"https://openalex.org/I57093077","display_name":"Swinburne University of Technology","ror":"https://ror.org/031rekg67","country_code":"AU","type":"education","lineage":["https://openalex.org/I57093077"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Wanlun Ma","raw_affiliation_strings":["School of Science, Computing and Engineering Technologies, Swinburne University of Technology, Melbourne, Australia"],"raw_orcid":"https://orcid.org/0000-0002-6305-1740","affiliations":[{"raw_affiliation_string":"School of Science, Computing and Engineering Technologies, Swinburne University of Technology, Melbourne, Australia","institution_ids":["https://openalex.org/I57093077"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102937576","display_name":"Junwu Xiong","orcid":"https://orcid.org/0009-0008-2028-510X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Junwu Xiong","raw_affiliation_strings":["Ant Group CO Ltd, Hangzhou, China","Ant Group CO Ltd,  Hangzhou, China"],"raw_orcid":"https://orcid.org/0009-0008-2028-510X","affiliations":[{"raw_affiliation_string":"Ant Group CO Ltd, Hangzhou, China","institution_ids":[]},{"raw_affiliation_string":"Ant Group CO Ltd,  Hangzhou, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5076576641","display_name":"Sheng Wen","orcid":"https://orcid.org/0000-0003-0655-666X"},"institutions":[{"id":"https://openalex.org/I57093077","display_name":"Swinburne University of Technology","ror":"https://ror.org/031rekg67","country_code":"AU","type":"education","lineage":["https://openalex.org/I57093077"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Sheng Wen","raw_affiliation_strings":["Department of Computer Science and Software Engineering, Swinburne University of Technology, Hawthorn, Australia"],"raw_orcid":"https://orcid.org/0000-0003-0655-666X","affiliations":[{"raw_affiliation_string":"Department of Computer Science and Software Engineering, Swinburne University of Technology, Hawthorn, Australia","institution_ids":["https://openalex.org/I57093077"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100666554","display_name":"Yang Xiang","orcid":"https://orcid.org/0000-0001-5252-0831"},"institutions":[{"id":"https://openalex.org/I57093077","display_name":"Swinburne University of Technology","ror":"https://ror.org/031rekg67","country_code":"AU","type":"education","lineage":["https://openalex.org/I57093077"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Yang Xiang","raw_affiliation_strings":["Swinburne University of Technology, Hawthorn, Australia","Swinburne University of Technology,  Hawthorn, Australia"],"raw_orcid":"https://orcid.org/0000-0001-5252-0831","affiliations":[{"raw_affiliation_string":"Swinburne University of Technology, Hawthorn, Australia","institution_ids":["https://openalex.org/I57093077"]},{"raw_affiliation_string":"Swinburne University of Technology,  Hawthorn, Australia","institution_ids":["https://openalex.org/I57093077"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5113230472"],"corresponding_institution_ids":["https://openalex.org/I57093077"],"apc_list":null,"apc_paid":null,"fwci":146.1259,"has_fulltext":false,"cited_by_count":128,"citation_normalized_percentile":{"value":0.99994931,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":99,"max":100},"biblio":{"volume":"57","issue":"7","first_page":"1","last_page":"36"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.819586992263794},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.7321302890777588},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5947349071502686},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.38587331771850586}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.819586992263794},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.7321302890777588},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5947349071502686},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.38587331771850586}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3716628","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3716628","pdf_url":null,"source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":94,"referenced_works":["https://openalex.org/W2626804490","https://openalex.org/W2895201839","https://openalex.org/W2963612262","https://openalex.org/W2971661634","https://openalex.org/W2999816729","https://openalex.org/W3034258347","https://openalex.org/W3037851023","https://openalex.org/W3096738375","https://openalex.org/W3100355250","https://openalex.org/W3108324072","https://openalex.org/W3138984732","https://openalex.org/W3153046263","https://openalex.org/W3155807546","https://openalex.org/W3156789018","https://openalex.org/W3173465197","https://openalex.org/W3202472344","https://openalex.org/W4206637810","https://openalex.org/W4221143046","https://openalex.org/W4221161695","https://openalex.org/W4226278401","https://openalex.org/W4281623759","https://openalex.org/W4281679115","https://openalex.org/W4309663019","https://openalex.org/W4309674289","https://openalex.org/W4310871363","https://openalex.org/W4312406341","https://openalex.org/W4319777976","https://openalex.org/W4320165837","https://openalex.org/W4320853928","https://openalex.org/W4361866031","https://openalex.org/W4366989525","https://openalex.org/W4377130677","https://openalex.org/W4377231151","https://openalex.org/W4382202847","https://openalex.org/W4382318590","https://openalex.org/W4383176079","https://openalex.org/W4384652388","https://openalex.org/W4385452929","https://openalex.org/W4385469325","https://openalex.org/W4385567134","https://openalex.org/W4385571158","https://openalex.org/W4385571830","https://openalex.org/W4385572155","https://openalex.org/W4385572432","https://openalex.org/W4386168844","https://openalex.org/W4386566752","https://openalex.org/W4386624058","https://openalex.org/W4387796699","https://openalex.org/W4387835442","https://openalex.org/W4388744821","https://openalex.org/W4389009541","https://openalex.org/W4389279043","https://openalex.org/W4389279097","https://openalex.org/W4389518784","https://openalex.org/W4389518968","https://openalex.org/W4389519598","https://openalex.org/W4389520346","https://openalex.org/W4389523771","https://openalex.org/W4390693122","https://openalex.org/W4390874280","https://openalex.org/W4391558635","https://openalex.org/W4391655051","https://openalex.org/W4391724817","https://openalex.org/W4391856025","https://openalex.org/W4391974554","https://openalex.org/W4392353733","https://openalex.org/W4392449489","https://openalex.org/W4392904091","https://openalex.org/W4393406870","https://openalex.org/W4394002950","https://openalex.org/W4396592806","https://openalex.org/W4396796749","https://openalex.org/W4399055516","https://openalex.org/W4399750638","https://openalex.org/W4400121375","https://openalex.org/W4400641571","https://openalex.org/W4401042726","https://openalex.org/W4401693474","https://openalex.org/W4402670146","https://openalex.org/W4402670423","https://openalex.org/W4402670735","https://openalex.org/W4404293760","https://openalex.org/W4404563131","https://openalex.org/W4404636545","https://openalex.org/W4404780931","https://openalex.org/W4404782219","https://openalex.org/W4405181600","https://openalex.org/W4406610709","https://openalex.org/W6739901393","https://openalex.org/W6775918922","https://openalex.org/W6778883912","https://openalex.org/W6838865847","https://openalex.org/W6846870107","https://openalex.org/W6851275496"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"An":[0],"Artificial":[1],"Intelligence":[2],"(AI)":[3],"agent":[4,142],"is":[5],"a":[6],"software":[7],"entity":[8],"that":[9],"autonomously":[10],"performs":[11],"tasks":[12],"or":[13],"makes":[14],"decisions":[15],"based":[16],"on":[17],"pre-defined":[18],"objectives":[19],"and":[20,31,34,44,55,89,107,139],"data":[21],"inputs.":[22],"AI":[23,67,113,130,141],"agents,":[24,68,131],"capable":[25],"of":[26,77,86,136],"perceiving":[27],"user":[28,79],"inputs,":[29,80],"reasoning":[30],"planning":[32],"tasks,":[33],"executing":[35],"actions,":[36],"have":[37],"seen":[38],"remarkable":[39],"advancements":[40],"in":[41,82,111],"algorithm":[42],"development":[43,135],"task":[45],"performance.":[46],"However,":[47],"the":[48,61,104,108,125,134],"security":[49,63,126],"challenges":[50],"they":[51],"pose":[52],"remain":[53],"under-explored":[54],"unresolved.":[56],"This":[57],"survey":[58],"delves":[59],"into":[60,71,123],"emerging":[62],"threats":[64,127],"faced":[65],"by":[66],"categorizing":[69],"them":[70],"four":[72],"critical":[73],"knowledge":[74],"gaps:":[75],"unpredictability":[76],"multi-step":[78],"complexity":[81],"internal":[83],"executions,":[84],"variability":[85],"operational":[87],"environments,":[88],"interactions":[90],"with":[91,129],"untrusted":[92],"external":[93],"entities.":[94],"By":[95],"systematically":[96],"reviewing":[97],"these":[98],"threats,":[99],"this":[100],"article":[101],"highlights":[102],"both":[103],"progress":[105],"made":[106],"existing":[109],"limitations":[110],"safeguarding":[112],"agents.":[114],"The":[115],"insights":[116],"provided":[117],"aim":[118],"to":[119],"inspire":[120],"further":[121],"research":[122],"addressing":[124],"associated":[128],"thereby":[132],"fostering":[133],"more":[137],"robust":[138],"secure":[140],"applications.":[143]},"counts_by_year":[{"year":2026,"cited_by_count":51},{"year":2025,"cited_by_count":77}],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2025-10-10T00:00:00"}