{"id":"https://openalex.org/W7156894350","doi":"https://doi.org/10.48550/arxiv.2604.24657","title":"AgentWard: A Lifecycle Security Architecture for Autonomous AI Agents","display_name":"AgentWard: A Lifecycle Security Architecture for Autonomous AI Agents","publication_year":2026,"publication_date":"2026-04-27","ids":{"openalex":"https://openalex.org/W7156894350","doi":"https://doi.org/10.48550/arxiv.2604.24657"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.24657","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.24657","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.24657","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5128986622","display_name":"Yixiang Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Yixiang","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134771833","display_name":"Xinhao Deng","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Deng, Xinhao","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126459609","display_name":"Jiaqing Wu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wu, Jiaqing","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134799506","display_name":"Yue Xiao","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xiao, Yue","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134764979","display_name":"Ke Xu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xu, Ke","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5134766513","display_name":"Qi Li","orcid":"https://orcid.org/0009-0000-1094-8995"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Qi","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":0,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.35199999809265137,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.35199999809265137,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.1429000049829483,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10639","display_name":"Advanced Software Engineering Methodologies","score":0.08739999681711197,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/blueprint","display_name":"Blueprint","score":0.5252000093460083},{"id":"https://openalex.org/keywords/architecture","display_name":"Architecture","score":0.505299985408783},{"id":"https://openalex.org/keywords/plan","display_name":"Plan (archaeology)","score":0.4903999865055084},{"id":"https://openalex.org/keywords/safeguarding","display_name":"Safeguarding","score":0.41350001096725464},{"id":"https://openalex.org/keywords/enterprise-information-security-architecture","display_name":"Enterprise information security architecture","score":0.38119998574256897},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.38029998540878296},{"id":"https://openalex.org/keywords/perspective","display_name":"Perspective (graphical)","score":0.34389999508857727},{"id":"https://openalex.org/keywords/structuring","display_name":"Structuring","score":0.33889999985694885}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6845999956130981},{"id":"https://openalex.org/C155911762","wikidata":"https://www.wikidata.org/wiki/Q422321","display_name":"Blueprint","level":2,"score":0.5252000093460083},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.505299985408783},{"id":"https://openalex.org/C2776505523","wikidata":"https://www.wikidata.org/wiki/Q4785468","display_name":"Plan (archaeology)","level":2,"score":0.4903999865055084},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.43639999628067017},{"id":"https://openalex.org/C2776743756","wikidata":"https://www.wikidata.org/wiki/Q5097921","display_name":"Safeguarding","level":2,"score":0.41350001096725464},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.4108000099658966},{"id":"https://openalex.org/C31139447","wikidata":"https://www.wikidata.org/wiki/Q5380386","display_name":"Enterprise information security architecture","level":2,"score":0.38119998574256897},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.38029998540878296},{"id":"https://openalex.org/C12713177","wikidata":"https://www.wikidata.org/wiki/Q1900281","display_name":"Perspective (graphical)","level":2,"score":0.34389999508857727},{"id":"https://openalex.org/C2775945657","wikidata":"https://www.wikidata.org/wiki/Q381442","display_name":"Structuring","level":2,"score":0.33889999985694885},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.30469998717308044},{"id":"https://openalex.org/C121822524","wikidata":"https://www.wikidata.org/wiki/Q5157582","display_name":"Computer security model","level":2,"score":0.3005000054836273},{"id":"https://openalex.org/C105446022","wikidata":"https://www.wikidata.org/wiki/Q445962","display_name":"Legacy system","level":3,"score":0.2969000041484833},{"id":"https://openalex.org/C98025372","wikidata":"https://www.wikidata.org/wiki/Q477538","display_name":"Systems architecture","level":3,"score":0.2827000021934509},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.2815000116825104},{"id":"https://openalex.org/C2780264999","wikidata":"https://www.wikidata.org/wiki/Q7445032","display_name":"Security domain","level":2,"score":0.2791000008583069},{"id":"https://openalex.org/C13687954","wikidata":"https://www.wikidata.org/wiki/Q4826847","display_name":"Autonomous agent","level":2,"score":0.27059999108314514},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.2685000002384186},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.26100000739097595},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.2533999979496002},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.2513999938964844}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.24657","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.24657","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"Preprint"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.24657","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.24657","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.7250493764877319,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Autonomous":[0],"AI":[1,141],"agents":[2],"extend":[3],"large":[4],"language":[5],"models":[6],"into":[7],"full":[8],"runtime":[9,129],"systems":[10],"that":[11,69],"load":[12],"skills,":[13],"ingest":[14],"external":[15],"content,":[16],"maintain":[17],"memory,":[18,46],"plan":[19],"multi-step":[20],"actions,":[21],"and":[22,48,103,110,135],"invoke":[23],"privileged":[24],"tools.":[25],"In":[26],"such":[27],"systems,":[28],"security":[29,130],"failures":[30],"rarely":[31],"remain":[32],"confined":[33],"to":[34,87,117],"a":[35,65,112,124],"single":[36],"interface;":[37],"instead,":[38],"they":[39],"can":[40],"propagate":[41],"across":[42,73],"initialization,":[43],"input":[44],"processing,":[45],"decision-making,":[47],"execution,":[49],"often":[50],"becoming":[51],"apparent":[52],"only":[53],"when":[54],"harmful":[55],"effects":[56],"materialize":[57],"in":[58,139],"the":[59,100],"environment.":[60],"This":[61,121],"paper":[62],"presents":[63],"AgentWard,":[64],"lifecycle-oriented,":[66],"defense-in-depth":[67],"architecture":[68,104],"systematically":[70],"organizes":[71],"protection":[72,108],"these":[74],"five":[75,106],"stages.":[76],"AgentWard":[77],"integrates":[78],"stage-specific,":[79],"heterogeneous":[80],"controls":[81],"with":[82],"cross-layer":[83],"coordination,":[84],"enabling":[85],"threats":[86],"be":[88],"intercepted":[89],"along":[90],"their":[91],"propagation":[92],"paths":[93],"while":[94],"safeguarding":[95],"critical":[96],"assets.":[97],"We":[98],"detail":[99],"design":[101],"rationale":[102],"of":[105],"coordinated":[107],"layers,":[109],"implement":[111],"plugin-native":[113],"prototype":[114],"on":[115],"OpenClaw":[116],"demonstrate":[118],"practical":[119],"feasibility.":[120],"perspective":[122],"provides":[123],"concrete":[125],"blueprint":[126],"for":[127],"structuring":[128],"controls,":[131],"managing":[132],"trust":[133],"propagation,":[134],"enforcing":[136],"execution":[137],"containment":[138],"autonomous":[140],"agents.":[142],"Our":[143],"code":[144],"is":[145],"available":[146],"at":[147],"https://github.com/FIND-Lab/AgentWard":[148],".":[149]},"counts_by_year":[],"updated_date":"2026-07-01T08:55:40.977307","created_date":"2026-04-29T00:00:00"}
