Enterprise technology leaders deploying autonomous AI agents for cybersecurity must reckon with a fundamental paradox: the same autonomy that makes these agents powerful also opens new attack surfaces. A comprehensive survey published on arXiv on October 7, 2025, offers the first unified account of this emerging field, mapping applications, threats, and defenses across more than 260 research papers.
"LLM-based agents are now used throughout cybersecurity. While these agents facilitate powerful and autonomous security applications, their autonomy opens up new attack surfaces, and the security community is actively building defenses to secure them."
Applications: Autonomous Agents in Cybersecurity
The survey, authored by Shahriar, Asif, Rahman, Md Nafiu, Ahmed, Sadif, Sadeque, Farig, Parvez, and Md Rizwan, categorizes downstream cybersecurity applications where LLM-based agents are deployed. These agents automate tasks such as threat detection, incident response, and vulnerability analysis. The research provides a detailed taxonomy that structures the field around three fundamental pillars: Applications, Threats, and Defenses.
Threats: Attack Surfaces in Agentic Systems
On the threat side, the survey analyzes entry points and agent-loop stages that attacks target, their specificity to the agentic setting, and the threat models they assume. Key dimensions include:
- Entry points: How attackers can compromise the agent's inputs or outputs.
- Agent-loop stages: Vulnerabilities at different points in the agent's decision-making cycle.
- Threat models: Assumptions about attacker capabilities and objectives.
The analysis shows that the rapid growth of attack research has outpaced defense research, creating an uneven landscape.
Defenses: Strategies and Trade-offs
The defense pillar examines prevailing defense strategies, their cost and security trade-offs, and where in the agent lifecycle they are deployed. The survey maps which defenses cover which attack classes and charts trends in agent architecture, backbone model usage, and data modality coverage.
| Defense Aspect | Key Findings |
|---|---|
| Strategies | Multiple defense layers exist, but no single fix is sufficient. |
| Cost vs. Security | Trade-offs are significant; heavier defenses reduce performance. |
| Lifecycle Stage | Defenses must be deployed across the full agent lifecycle. |
Structural Fragility by Default
A central conclusion of the survey is that agentic systems are structurally fragile by default. The researchers emphasize that securing them will require defenses that span the full agent lifecycle rather than single-layer fixes. This finding has direct implications for enterprise cybersecurity teams: bolt-on security measures are inadequate. Instead, organizations must embed security into every stage of agent design, training, deployment, and monitoring.
The survey also provides cross-cutting analyses, including a comparison between red-teaming and blue-teaming agents, and the adversarial use of red-teaming applications. These insights help practitioners understand both offensive and defensive agentic capabilities.
Implications for Enterprise Technology Leaders
For CTOs and cybersecurity decision-makers, the takeaway is clear: as autonomous AI agents become integral to security operations, the attack surface expands in parallel. The survey's holistic framework offers a baseline for evaluating existing agentic deployments and planning future investments. Investing in lifecycle-wide defenses—rather than point solutions—is critical to harnessing agent autonomy without inviting catastrophic compromise.
