{"id":"https://openalex.org/W7159628215","doi":"https://doi.org/10.48550/arxiv.2604.27464","title":"Security Attack and Defense Strategies for Autonomous Agent Frameworks: A Layered Review with OpenClaw as a Case Study","display_name":"Security Attack and Defense Strategies for Autonomous Agent Frameworks: A Layered Review with OpenClaw as a Case Study","publication_year":2026,"publication_date":"2026-04-30","ids":{"openalex":"https://openalex.org/W7159628215","doi":"https://doi.org/10.48550/arxiv.2604.27464"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.27464","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.27464","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.27464","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5134929620","display_name":"Luyao Xu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xu, Luyao","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5134964248","display_name":"Xiang Chen","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Chen, Xiang","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":0,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.19949999451637268,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.19949999451637268,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.19859999418258667,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.08730000257492065,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5867000222206116},{"id":"https://openalex.org/keywords/autonomous-agent","display_name":"Autonomous agent","score":0.4867999851703644},{"id":"https://openalex.org/keywords/action","display_name":"Action (physics)","score":0.45890000462532043},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.43479999899864197},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.41999998688697815},{"id":"https://openalex.org/keywords/attack-surface","display_name":"Attack surface","score":0.32429999113082886},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.31520000100135803}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.661300003528595},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5867000222206116},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5623000264167786},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.5559999942779541},{"id":"https://openalex.org/C13687954","wikidata":"https://www.wikidata.org/wiki/Q4826847","display_name":"Autonomous agent","level":2,"score":0.4867999851703644},{"id":"https://openalex.org/C2780791683","wikidata":"https://www.wikidata.org/wiki/Q846785","display_name":"Action (physics)","level":2,"score":0.45890000462532043},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.43479999899864197},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.41999998688697815},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.32429999113082886},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.31520000100135803},{"id":"https://openalex.org/C115901376","wikidata":"https://www.wikidata.org/wiki/Q184199","display_name":"Automation","level":2,"score":0.31310001015663147},{"id":"https://openalex.org/C114869243","wikidata":"https://www.wikidata.org/wiki/Q133735","display_name":"Security through obscurity","level":5,"score":0.3102000057697296},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.29510000348091125},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.2937999963760376},{"id":"https://openalex.org/C103377522","wikidata":"https://www.wikidata.org/wiki/Q3493999","display_name":"Security information and event management","level":4,"score":0.28679999709129333},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.2833999991416931},{"id":"https://openalex.org/C41550386","wikidata":"https://www.wikidata.org/wiki/Q529909","display_name":"Multi-agent system","level":2,"score":0.28040000796318054},{"id":"https://openalex.org/C83163435","wikidata":"https://www.wikidata.org/wiki/Q3954104","display_name":"Security management","level":2,"score":0.2759000062942505},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.2703000009059906},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2680000066757202},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.2612000107765198},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.25429999828338623}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.27464","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.27464","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"Preprint"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.27464","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.27464","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Autonomous":[0],"agent":[1,63,73,106,170],"frameworks":[2,171],"built":[3],"upon":[4],"large":[5],"language":[6],"models":[7],"(LLMs)":[8],"are":[9],"evolving":[10],"into":[11,118],"complex,":[12],"tool-integrated,":[13],"and":[14,38,59,75,101,124,129,134,137,140,154,185,205,210,217],"continuously":[15],"operating":[16],"systems,":[17,64],"introducing":[18],"security":[19,43,99,152],"risks":[20,100],"beyond":[21],"traditional":[22],"prompt-level":[23],"vulnerabilities.":[24],"As":[25],"this":[26,86,90,92,160],"paradigm":[27],"is":[28,45,77],"still":[29,78],"at":[30],"an":[31],"early":[32],"stage":[33],"of":[34,41,52,72,81,98,202],"development,":[35],"a":[36,49,79,82,95,111],"timely":[37],"systematic":[39,216],"understanding":[40],"its":[42,148],"implications":[44],"increasingly":[46],"important.":[47],"Although":[48],"growing":[50],"body":[51],"work":[53],"has":[54],"examined":[55],"different":[56],"attack":[57],"surfaces":[58],"defense":[60,102,156],"problems":[61],"in":[62,104,168],"existing":[65],"studies":[66],"remain":[67],"scattered":[68],"across":[69,174,198],"individual":[70],"aspects":[71],"security,":[74],"there":[76],"lack":[80,201],"layered":[83,96,161],"review":[84,97],"on":[85,159],"topic.":[87],"To":[88],"address":[89],"gap,":[91],"survey":[93],"presents":[94],"strategies":[103],"autonomous":[105,169],"frameworks,":[107],"with":[108],"OpenClaw":[109],"as":[110],"case":[112],"study.":[113],"We":[114],"organize":[115],"the":[116,122,127,132,138,200],"analysis":[117],"four":[119],"security-relevant":[120],"layers:":[121],"context":[123],"instruction":[125],"layer,":[126,131,136,145],"tool":[128],"action":[130],"state":[133,183],"persistence":[135],"ecosystem":[139,207],"automation":[141],"layer.":[142],"For":[143],"each":[144],"we":[146,163,190],"summarize":[147],"functional":[149],"role,":[150],"representative":[151],"risks,":[153],"corresponding":[155],"strategies.":[157],"Based":[158],"analysis,":[162],"further":[164],"identify":[165],"that":[166],"threats":[167],"may":[172],"propagate":[173],"layers,":[175,199],"from":[176],"manipulated":[177],"inputs":[178],"to":[179],"unsafe":[180],"actions,":[181],"persistent":[182],"contamination,":[184],"broader":[186],"ecosystem-level":[187],"impact.":[188],"Finally,":[189],"highlight":[191],"potential":[192],"key":[193],"challenges,":[194],"including":[195],"research":[196],"imbalance":[197],"long-horizon":[203],"evaluation,":[204],"weak":[206],"trust":[208],"models,":[209],"outline":[211],"future":[212],"directions":[213],"toward":[214],"more":[215],"integrated":[218],"defenses.":[219]},"counts_by_year":[],"updated_date":"2026-07-01T06:00:48.157686","created_date":"2026-05-02T00:00:00"}
