AI agents introduce fundamentally new security challenges because they blur the line between code and data, and can execute actions across systems—developers need layered defenses including input filtering, sandboxing, and strict privilege controls.
This paper identifies security risks in AI agents—systems that can take actions in the real world—and proposes defenses. It covers new attack types like prompt injection and confused-deputy problems, explains how current protections work (sandboxing, policy enforcement), and highlights gaps in standards and research needed to secure multi-agent systems.