{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T14:39:59Z","timestamp":1775745599232,"version":"3.50.1"},"reference-count":89,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2026,1,4]],"date-time":"2026-01-04T00:00:00Z","timestamp":1767484800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,4]],"date-time":"2026-01-04T00:00:00Z","timestamp":1767484800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2026,2]]},"DOI":"10.1007\/s10207-025-01185-y","type":"journal-article","created":{"date-parts":[[2026,1,5]],"date-time":"2026-01-05T01:47:54Z","timestamp":1767577674000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["From threat to trust: assessing security risks of agentic AI systems"],"prefix":"10.1007","volume":"25","author":[{"given":"Martin","family":"Leo","sequence":"first","affiliation":[]},{"given":"Freedy","family":"Tan","sequence":"additional","affiliation":[]},{"given":"Tianqi","family":"Miao","sequence":"additional","affiliation":[]},{"given":"Guru","family":"Anand","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,1,4]]},"reference":[{"key":"1185_CR1","unstructured":"Ghose, S. n a, editor.: The next \u201cNext big thing\u201d: Agentic AI\u2019s opportunities and risks. n.a. Available from: https:\/\/scet.berkeley.edu\/the-next-next-big-thing-agentic-ais-opportunities-and-risks\/"},{"key":"1185_CR2","unstructured":"Yee, L., Chui, M., Roberts, R. 
n a, editor.: Why agents are the next frontier of generative AI. n.a. Available from: https:\/\/www.mckinsey.com\/capabilities\/mckinsey-digital\/our-insights\/why-agents-are-the-next-frontier-of-generative-ai"},{"key":"1185_CR3","doi-asserted-by":"publisher","first-page":"18912","DOI":"10.1109\/ACCESS.2025.3532853","volume":"13","author":"D Acharya","year":"2025","unstructured":"Acharya, D., Bhaskar, K.K., Divya, B.: Agentic ai: Autonomous intelligence for complex goals-a comprehensive survey. IEEE Access. 13, 18912\u201318936 (2025). https:\/\/doi.org\/10.1109\/ACCESS.2025.3532853","journal-title":"IEEE Access."},{"key":"1185_CR4","unstructured":"Gabriel, I., Manzini, A., Keeling, G., Hendricks, L.A., Rieser, V., Iqbal, H., Toma\u0161ev, N., Ktena, I., Kenton, Z., Rodriguez, M., El-Sayed, S., Brown, S., Akbulut, C., Trask, A., Hughes, E., Stevie Bergman, A., Shelby, R., Marchal, N., Griffin, C., Mateos-Garcia, J., Weidinger, L., Street, W., Lange, B., Ingerman, A., Lentz, A., Enger, R., Barakat, A., Krakovna, V., Oliver Siy, J., Kurth-Nelson, Z., McCroskery, A., Bolina, V., Law, H., Shanahan, M., Alberts, L., Balle, B., de Haas, S., Ibitoye, Y., Dafoe, A., Goldberg, B., Krier, S., Reese, A., Witherspoon, S., Hawkins, W., Rauh, M., Wallace, D., Franklin, M., Goldstein, J.A., Lehman, J., Klenk, M., Vallor, S., Biles, C., Morris, M.R., King, H., Ag\u00fcera y Arcas, B., Isaac, W., Manyika, J. editor.: The Ethics of Advanced AI Assistants. Available from: arXiv:2404.16244"},{"key":"1185_CR5","unstructured":"Purdy, M.: What is Agentic AI, and how will it change work? Harvard Business Review. (2024). Retrieved December 12, 2024"},{"key":"1185_CR6","doi-asserted-by":"publisher","unstructured":"K\u0131l\u0131n\u00e7, H.K., Kececioglu, O.F. Generative Artificial Intelligence: A Historical and Future Perspective. Academic Platform Journal of Engineering and Smart Systems. 
2024 https:\/\/doi.org\/10.21541\/apjess.1398155","DOI":"10.21541\/apjess.1398155"},{"issue":"1","key":"1185_CR7","doi-asserted-by":"publisher","first-page":"862","DOI":"10.34218\/ijcet_16_01_069","volume":"16","author":"PS Viswanathan","year":"2025","unstructured":"Viswanathan, P.S.: Agentic AI: a comprehensive framework for autonomous decision-making systems in artificial intelligence. Int. J. Comput. Eng. Technol. 16(1), 862\u2013879 (2025). https:\/\/doi.org\/10.34218\/ijcet_16_01_069","journal-title":"Int. J. Comput. Eng. Technol."},{"key":"1185_CR8","unstructured":"Celestin, T. n a, editor.: Agentic AI explained: How autonomous decision-making is shaping the future of AI. n.a. Available from: https:\/\/www.talkdesk.com\/blog\/agentic-ai\/"},{"key":"1185_CR9","unstructured":"Gabriel, A.G., Ahmad, A.A., Jeyakumar, S.K.: Advancing Agentic Systems: Dynamic Task Decomposition, Tool Integration and Evaluation using Novel Metrics and Dataset. In: Proceedings of the 38th Conference on Neural Information Processing Systems (NeurIPS 2024), Workshop on Open-World Agents; Preprint available at arXiv:2410.22457 (v1, submitted 29 Oct 2024). (2024). Available from: arXiv:2410.22457"},{"key":"1185_CR10","doi-asserted-by":"crossref","unstructured":"Huang, K. editor.: Agentic AI Threat Modeling Framework: MAESTRO | CSA. Available from: https:\/\/cloudsecurityalliance.org\/blog\/2025\/02\/06\/agentic-ai-threat-modeling-framework-maestro","DOI":"10.1007\/978-3-032-02130-4_2"},{"key":"1185_CR11","unstructured":"OWASP. n a, editor.: Threat Modeling - OWASP Cheat Sheet Series. OWASP. https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/Threat_Modeling_Cheat_Sheet.html"},{"key":"1185_CR12","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1016\/j.cose.2019.03.010","volume":"84","author":"W Xiong","year":"2019","unstructured":"Xiong, W., Lagerstr\u00f6m, R.: Threat modeling - A systematic literature review. Comput. Security 84, 53\u201369 (2019). 
https:\/\/doi.org\/10.1016\/j.cose.2019.03.010","journal-title":"Comput. Security"},{"key":"1185_CR13","unstructured":"Huang, K. editor.: Agentic AI Threat Modeling Framework: MAESTRO | CSA. Cloud Security Alliance Blog, accessed 2025-07-24. Available from: https:\/\/cloudsecurityalliance.org\/blog\/2025\/02\/06\/agentic-ai-threat-modeling-framework-maestro"},{"issue":"2","key":"1185_CR14","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3491209","volume":"55","author":"D Kaur","year":"2022","unstructured":"Kaur, D., Uslu, S., Rittichier, K.J., Durresi, A.: Trustworthy Artificial Intelligence: A Review. ACM Comput. Surv. 55(2), 1\u201338 (2022). https:\/\/doi.org\/10.1145\/3491209","journal-title":"ACM Comput. Surv."},{"issue":"9","key":"1185_CR15","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3555803","volume":"55","author":"B Li","year":"2023","unstructured":"Li, B., Qi, P., Liu, B., Di, S., Liu, J., Pei, J., et al.: Trustworthy AI: From Principles to Practices. ACM Comput. Surv. 55(9), 1\u201346 (2023). https:\/\/doi.org\/10.1145\/3555803","journal-title":"ACM Comput. Surv."},{"key":"1185_CR16","unstructured":"Madiega, T.: Artificial Intelligence Act. Brussels: European Parliamentary Research Service; (2021). Available from: https:\/\/www.europarl.europa.eu\/thinktank\/en\/document\/EPRS_STU(2021)690569"},{"key":"1185_CR17","unstructured":"Ala-Pietil\u00e4, P., Bonnet, Y., Bergmann, U., Bielikova, M., Bonefeld-Dahl, C., Bauer, W., et al.: The Assessment List for Trustworthy Artificial Intelligence (ALTAI). Lausanne: European Commission; (2020). Available from: https:\/\/digital-strategy.ec.europa.eu\/en\/library\/assessment-list-trustworthy-artificial-intelligence-altai-self-assessment"},{"key":"1185_CR18","unstructured":"Deng, Z., Guo, Y., Han, C., Ma, W., Xiong, J., Wen, S., Xiang, Y editor.: AI Agents Under Threat: A Survey of Key Security Challenges and Future Pathways. 
Available from: arXiv:2406.02630"},{"key":"1185_CR19","volume-title":"Reinforcement Learning: An introduction","author":"RS Sutton","year":"2018","unstructured":"Sutton, R.S., Barto, A.G.: Reinforcement Learning: An introduction, 2nd edn. The MIT Press, Cambridge (2018)","edition":"2"},{"key":"1185_CR20","unstructured":"Se, K. editor.: Does AI Remember? The role of Memory in Agentic Workflows. https:\/\/huggingface.co\/blog\/Kseniase\/memory"},{"key":"1185_CR21","unstructured":"Gunde, R. editor.: Giving your AI a mind: Exploring memory Frameworks for agentic language models. https:\/\/medium.com\/@honeyricky1m3\/giving-your-ai-a-mind-exploring-memory-frameworks-for-agentic-language-models-c92af355df06"},{"key":"1185_CR22","unstructured":"Arsanjani, A. n a, editor.: The Anatomy of Agentic AI. n.a. https:\/\/iianalytics.com\/community\/blog\/the-anatomy-of-agentic-ai"},{"key":"1185_CR23","unstructured":"Gao, H., Zhang, Y. n a, editor.: Memory Sharing for Large Language Model based Agents. n.a. Available from: arXiv:2404.09982"},{"key":"1185_CR24","doi-asserted-by":"publisher","unstructured":"Zhang, R., Tang, S., Liu, Y., Niyato, D., Xiong, Z., Sun, S., et al.: Toward agentic AI: Generative information retrieval inspired intelligent communications and networking. arXiv (Cornell University). (2025). https:\/\/doi.org\/10.48550\/arXiv.2502.16866","DOI":"10.48550\/arXiv.2502.16866"},{"key":"1185_CR25","doi-asserted-by":"publisher","unstructured":"Xu, W., Liang, Z., Mei, K., Gao, H., Tan, J., Zhang, Y.: A-MEM: Agentic Memory for LLM agents. arXiv (Cornell University). (2025). https:\/\/doi.org\/10.48550\/arxiv.2502.12110","DOI":"10.48550\/arxiv.2502.12110"},{"key":"1185_CR26","doi-asserted-by":"publisher","unstructured":"Sypherd, C., Belle, V.: Practical Considerations for Agentic LLM Systems. arXiv (Cornell University). (2024). 
https:\/\/doi.org\/10.48550\/arxiv.2412.04093","DOI":"10.48550\/arxiv.2412.04093"},{"key":"1185_CR27","doi-asserted-by":"publisher","unstructured":"Miehling, E., Ramamurthy, K.N., Varshney, K.R., Riemer, M., Bouneffouf, D., Richards, J.T. et al.: Agentic AI needs a systems theory. arXiv (Cornell University). (2025). https:\/\/doi.org\/10.48550\/arxiv.2503.00237","DOI":"10.48550\/arxiv.2503.00237"},{"key":"1185_CR28","doi-asserted-by":"publisher","unstructured":"Ruan, J., Chen, Y., Zhang, B., Xu, Z., Bao, T., Du, G. et al.: TPTU: large language model-based AI agents for task planning and tool usage. arXiv (Cornell University). (2023). https:\/\/doi.org\/10.48550\/arxiv.2308.03427","DOI":"10.48550\/arxiv.2308.03427"},{"key":"1185_CR29","doi-asserted-by":"publisher","first-page":"18912","DOI":"10.1109\/ACCESS.2025.3532853","volume":"13","author":"DB Acharya","year":"2025","unstructured":"Acharya, D.B., Kuppan, K., Divya, B.: Agentic AI: Autonomous Intelligence for Complex Goals\u2013A Comprehensive Survey. IEEE Access. 13, 18912\u201318936 (2025). https:\/\/doi.org\/10.1109\/ACCESS.2025.3532853","journal-title":"IEEE Access."},{"key":"1185_CR30","doi-asserted-by":"publisher","unstructured":"He, F., Zhu, T., Ye, D., Liu, B., Zhou, W., Yu, P.S.: The Emerged Security and Privacy of LLM Agent: A Survey with Case Studies. (2024), https:\/\/doi.org\/10.48550\/arXiv.2407.19354. arXiv preprint arXiv:2407.19354 [cs.CR]","DOI":"10.48550\/arXiv.2407.19354"},{"key":"1185_CR31","doi-asserted-by":"publisher","unstructured":"Chen, Z., Xiang, Z., Xiao, C., Song, D., Li, B.: AgentPoison: Red-teaming LLM Agents via Poisoning Memory or Knowledge Bases. (2024). https:\/\/doi.org\/10.48550\/arXiv.2407.12784. arXiv preprint arXiv:2407.12784. [cs.LG]","DOI":"10.48550\/arXiv.2407.12784"},{"key":"1185_CR32","doi-asserted-by":"publisher","unstructured":"Deng, Z., Guo, Y., Han, C., Ma, W., Xiong, J., Wen, S. 
et al.: AI Agents Under Threat: A Survey of Key Security Challenges and Future Pathways. (2024); Version 2. https:\/\/doi.org\/10.48550\/arXiv.2406.02630. arXiv preprint arXiv:2406.02630. [cs.CR]","DOI":"10.48550\/arXiv.2406.02630"},{"issue":"2","key":"1185_CR33","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3716628","volume":"57","author":"Z Deng","year":"2025","unstructured":"Deng, Z., Guo, Y., Han, C., Ma, W., Xiong, J., Wen, S., et al.: AI Agents Under Threat: A Survey of Key Security Challenges and Future Pathways. ACM Comput. Surv. 57(2), 1\u201336 (2025). https:\/\/doi.org\/10.1145\/3716628","journal-title":"ACM Comput. Surv."},{"issue":"26","key":"1185_CR34","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1007\/s10207-025-00990-9","volume":"24","author":"F Brancati","year":"2025","unstructured":"Brancati, F., Mongelli, D., Mariotti, F., Lollini, P.: A cybersecurity risk assessment methodology for industrial automation control systems. Int. J. Inf. Secur. 24(26), 76 (2025). https:\/\/doi.org\/10.1007\/s10207-025-00990-9","journal-title":"Int. J. Inf. Secur."},{"key":"1185_CR35","doi-asserted-by":"crossref","unstructured":"Waqdan, M., Louafi, H., Mouhoub, M.: Security risk assessment in IoT environments: A taxonomy and survey. Comput. Security 154 (2025)","DOI":"10.1016\/j.cose.2025.104456"},{"issue":"1","key":"1185_CR36","doi-asserted-by":"publisher","first-page":"249","DOI":"10.1007\/s10207-022-00638-y","volume":"22","author":"A Amro","year":"2023","unstructured":"Amro, A., Gkioulos, V.: Cyber risk management for autonomous passenger ships using threat-informed defense-in-depth. Int. J. Inf. Secur. 22(1), 249\u2013288 (2023)","journal-title":"Int. J. Inf. 
Secur."},{"issue":"1","key":"1185_CR37","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3674845","volume":"6","author":"J Dev","year":"2025","unstructured":"Dev, J., Akhuseyinoglu, N.B., Kayas, G., Rashidi, B., Garg, V.: Building Guardrails in AI Systems with Threat Modeling. Digit Gov: Res Pract. 6(1), 1\u201318 (2025). https:\/\/doi.org\/10.1145\/3674845","journal-title":"Digit Gov: Res Pract."},{"issue":"1","key":"1185_CR38","doi-asserted-by":"publisher","first-page":"57","DOI":"10.5455\/JCSI.20240710052550","volume":"1","author":"A Hammami","year":"2024","unstructured":"Hammami, A.: The Art of Threat Modeling. J. Comput. Sci. Inform. 1(1), 57 (2024). https:\/\/doi.org\/10.5455\/JCSI.20240710052550","journal-title":"J. Comput. Sci. Inform."},{"key":"1185_CR39","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103543","volume":"136","author":"SM Khalil","year":"2024","unstructured":"Khalil, S.M., Bahsi, H., Kor\u00f5tko, T.: Threat modeling of industrial control systems: A systematic literature review. Comput. Secur. 136, 103543 (2024)","journal-title":"Comput. Secur."},{"issue":"6","key":"1185_CR40","doi-asserted-by":"publisher","first-page":"1713","DOI":"10.1007\/s10207-023-00713-y","volume":"22","author":"M Ekstedt","year":"2023","unstructured":"Ekstedt, M., Afzal, Z., Mukherjee, P., Hacks, S., Lagerstr\u00f6m, R.: Yet another cybersecurity risk assessment framework. Int. J. Inf. Secur. 22(6), 1713\u20131729 (2023)","journal-title":"Int. J. Inf. Secur."},{"key":"1185_CR41","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103391","volume":"133","author":"Z Abuabed","year":"2023","unstructured":"Abuabed, Z., Alsadeh, A., Taweel, A.: Stride threat model-based framework for assessing the vulnerabilities of modern vehicles. Comput. Secur. 133, 103391 (2023)","journal-title":"Comput. 
Secur."},{"key":"1185_CR42","doi-asserted-by":"crossref","unstructured":"Stango, A., Prasad, N.R., Kyriazanos, D.M.: A Threat Analysis Methodology for Security Evaluation and Enhancement Planning. In: Proceedings of the Third International Conference on Emerging Security Information, Systems and Technologies; (2009).","DOI":"10.1109\/SECURWARE.2009.47"},{"key":"1185_CR43","unstructured":"Shevchenko, N., Chick, T.A., O\u2019Riordan, P., Scanlon, T.P., Woody, C.: Threat Modeling: A Summary of Available Methods. Software Engineering Institute, Carnegie Mellon University; (2018). Available from: https:\/\/insights.sei.cmu.edu\/documents\/569\/2018_019_001_524597.pdf"},{"key":"1185_CR44","unstructured":"OWASP Foundation. n a, editor.: OWASP Top 10 for Large Language Model Applications. OWASP Foundation. Accessed April 20, 2025. Available from: https:\/\/owasp.org\/www-project-top-10-for-large-language-model-applications\/"},{"key":"1185_CR45","unstructured":"Anthony, P., Gan, S., Chin, O., Rayner, A., Lukose, D.L Agent architecture: An overview. Trans. Sci. Technol. 18\u201335 (2014)"},{"key":"1185_CR46","doi-asserted-by":"publisher","first-page":"80950","DOI":"10.1109\/access.2024.3409051","volume":"12","author":"D Maldonado","year":"2024","unstructured":"Maldonado, D., Cruz, E., Torres, J.A., Cruz, P.J., Del Pilar Gamboa Benitez, S.: Multi-agent Systems: A survey about its components, framework and workflow. IEEE Access 12, 80950\u201380975 (2024). https:\/\/doi.org\/10.1109\/access.2024.3409051","journal-title":"IEEE Access"},{"key":"1185_CR47","doi-asserted-by":"publisher","unstructured":"Yuan, L., Zhang, Z., Li, L., Guan, C., Yu, Y.: A survey of progress on cooperative multi-agent reinforcement learning in open environment. arXiv (Cornell University). (2023). 
https:\/\/doi.org\/10.48550\/arxiv.2312.01058","DOI":"10.48550\/arxiv.2312.01058"},{"key":"1185_CR48","doi-asserted-by":"publisher","unstructured":"Hoen, P.J., Tuyls, K., Panait, L., Luke, S., La Poutr\u00e9, J.A.: An overview of cooperative and competitive multiagent learning. In: Lecture notes in computer science; 1\u201346 (2006). Available from: https:\/\/doi.org\/10.1007\/11691839_1","DOI":"10.1007\/11691839_1"},{"key":"1185_CR49","doi-asserted-by":"publisher","unstructured":"Storchan, V., Vyetrenko, S., Balch, T.: Learning who is in the market from time series: market participant discovery through adversarial calibration of multi-agent simulators. arXiv (Cornell University). (2021). https:\/\/doi.org\/10.48550\/arxiv.2108.00664","DOI":"10.48550\/arxiv.2108.00664"},{"key":"1185_CR50","unstructured":"Ray, S. editor.: AI agents \u2014 what they are, and how they\u2019ll change the way we work - Source. https:\/\/news.microsoft.com\/source\/features\/ai\/ai-agents-what-they-are-and-how-theyll-change-the-way-we-work\/"},{"key":"1185_CR51","unstructured":"Fauscette, M. editor.: The Architecture of Agentic AI: Building Systems that Think and Act Autonomously \u2014 Arion Research LLC. https:\/\/www.arionresearch.com\/blog\/the-architecture-of-agentic-ai-building-systems-that-think-and-act-autonomously"},{"key":"1185_CR52","unstructured":"Srivastava, S. editor.: AI Agent Architecture: The framework behind smart Decisions. https:\/\/www.engati.com\/blog\/ai-agent-architecture"},{"key":"1185_CR53","unstructured":"Kanerika, editor.: AI Agent Architecture: Breaking down the framework of autonomous systems. https:\/\/kanerika.com\/blogs\/ai-agent-architecture\/"},{"key":"1185_CR54","unstructured":"Restack, editor.: Layered Agent Architecture in AI | Restackio. https:\/\/www.restack.io\/p\/agent-architecture-answer-layered-agent-architecture-cat-ai"},{"key":"1185_CR55","unstructured":"Grenawalt, T. 
editor.: Artificial Intelligence Agents: Architecture & Applications | Vation Ventures Research. https:\/\/www.vationventures.com\/research-article\/artificial-intelligence-agents-architecture-applications"},{"key":"1185_CR56","doi-asserted-by":"publisher","unstructured":"Durante, Z., Huang, Q., Wake, N., Gong, R., Park, J.S., Sarkar, B. et al.: Agent AI: Surveying the horizons of Multimodal Interaction. arXiv (Cornell University). (2024). https:\/\/doi.org\/10.48550\/arxiv.2401.03568","DOI":"10.48550\/arxiv.2401.03568"},{"key":"1185_CR57","unstructured":"Microsoft, editor.: Agent AI - Microsoft Research. https:\/\/www.microsoft.com\/en-us\/research\/project\/agent-ai\/"},{"key":"1185_CR58","doi-asserted-by":"publisher","unstructured":"Durante, Z., Sarkar, B., Gong, R., Taori, R., Noda, Y., Tang, P. et al.: An Interactive Agent Foundation model. arXiv (Cornell University). (2024). https:\/\/doi.org\/10.48550\/arxiv.2402.05929","DOI":"10.48550\/arxiv.2402.05929"},{"key":"1185_CR59","unstructured":"Wiesinger, J., Marlow, P., Vuskovic, V., Gulli, A., Nawalgaria, A., Mollison, G. editor.: Agents. Google. https:\/\/drive.google.com\/file\/d\/1oEjiRCTbd54aSdB_eEe3UShxLBWK9xkt\/view"},{"key":"1185_CR60","doi-asserted-by":"publisher","unstructured":"Slattery, P., Saeri, A.K., Grundy, E.A.C., Graham, J., Noetel, M., Uuk, R. et al.: The AI Risk Repository: A Comprehensive Meta-Review, Database, and Taxonomy of Risks From Artificial Intelligence. (2024). https:\/\/doi.org\/10.48550\/arXiv.2408.12622. arXiv preprint arXiv:2408.12622","DOI":"10.48550\/arXiv.2408.12622"},{"key":"1185_CR61","doi-asserted-by":"publisher","unstructured":"Veprikov, A., Afanasiev, A., Khritankov, A.: A Mathematical Model of the Hidden Feedback Loop Effect in Machine Learning Systems. (2024), https:\/\/doi.org\/10.48550\/arXiv.2405.02726. arXiv preprint arXiv:2405.02726. 
[cs.LG]","DOI":"10.48550\/arXiv.2405.02726"},{"key":"1185_CR62","unstructured":"Bowen, D., Murphy, B., Cai, W., Khachaturov, D., Gleave, A., Pelrine, K.: Data Poisoning in LLMs: Jailbreak-Tuning and Scaling Laws. arXiv preprint arXiv:2408.02946. 2024;Submitted on 6 Aug 2024 (v1), last revised 27 Dec 2024 (this version, v5)"},{"key":"1185_CR63","doi-asserted-by":"publisher","unstructured":"Liu, Y., Deng, G., Li, Y., Wang, K., Wang, Z., Wang, X. et al.: Prompt Injection Attack Against LLM-integrated Applications. (2023). arXiv preprint arXiv:2306.05499. [cs.CR], last revised 2 Mar 2024 (v2). https:\/\/doi.org\/10.48550\/arXiv.2306.05499","DOI":"10.48550\/arXiv.2306.05499"},{"issue":"4","key":"1185_CR64","doi-asserted-by":"publisher","first-page":"1607","DOI":"10.1007\/s13347-021-00477-0","volume":"34","author":"WJ von Eschenbach","year":"2021","unstructured":"von Eschenbach, W.J.: Transparency and the Black Box Problem: Why We Do Not Trust AI. Philos. Technol. 34(4), 1607\u20131622 (2021). https:\/\/doi.org\/10.1007\/s13347-021-00477-0","journal-title":"Philos. Technol."},{"key":"1185_CR65","unstructured":"Narajala, V.S., Narayan, O.: Securing Agentic AI: A Comprehensive Threat Model and Mitigation Framework for Generative AI Agents. 2025 April;Accessed from arXiv preprint arXiv:2504.19956"},{"key":"1185_CR66","first-page":"9460","volume":"35","author":"J Skalse","year":"2022","unstructured":"Skalse, J., Howe, N., Krasheninnikov, D., Krueger, D.: Defining and characterizing reward gaming. Adv. Neural. Inf. Process. Syst. 35, 9460\u20139471 (2022)","journal-title":"Adv. Neural. Inf. Process. Syst."},{"key":"1185_CR67","doi-asserted-by":"publisher","unstructured":"Hayes CF, R\u0103dulescu R, Bargiacchi E, K\u00e4llstr\u00f6m J, Macfarlane M, Reymond M, et\u00a0al. A Practical Guide to Multi-Objective Reinforcement Learning and Planning. Autonomous Agents and Multi-Agent Systems. 2022;36:26. https:\/\/doi.org\/10.48550\/arXiv.2103.09568. 
arXiv:2103.09568 [cs.AI]","DOI":"10.48550\/arXiv.2103.09568"},{"key":"1185_CR68","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2022.108632","volume":"245","author":"F Bayram","year":"2022","unstructured":"Bayram, F., Ahmed, B.S., Kassler, A.: From concept drift to model degradation: An overview on performance-aware drift detectors. Knowl.-Based Syst. 245, 108632 (2022). https:\/\/doi.org\/10.1016\/j.knosys.2022.108632","journal-title":"Knowl.-Based Syst."},{"key":"1185_CR69","doi-asserted-by":"publisher","unstructured":"Singh, A., Ehtesham, A., Kumar, S., Khoei, T.T.: Agentic Retrieval-Augmented Generation: A Survey on Agentic RAG. arXiv preprint arXiv:2501.09136. 2025 January;Submitted 15 Jan 2025; Accessed from https:\/\/doi.org\/10.48550\/arXiv.2501.09136","DOI":"10.48550\/arXiv.2501.09136"},{"key":"1185_CR70","unstructured":"Ammann, L., Ott, S. editor.: Analysis of Risks and Mitigation Strategies in RAG. Advisor: Marco Lehmann. Deposited on February 18, 2025. Bachelor thesis, Ostschweizer Fachhochschule (OST), Rapperswil, Switzerland. Available from: https:\/\/eprints.ost.ch\/id\/eprint\/1255\/"},{"key":"1185_CR71","doi-asserted-by":"publisher","unstructured":"Chen, Z., Xiang, Z., Xiao, C., Song, D., Li, B.: AgentPoison: Red-teaming LLM Agents via Poisoning Memory or Knowledge Bases. (2024). arXiv preprint arXiv:2407.12784 [cs.LG]. https:\/\/doi.org\/10.48550\/arXiv.2407.12784","DOI":"10.48550\/arXiv.2407.12784"},{"key":"1185_CR72","unstructured":"Dong, S., Xu, S., He, P., Li, Y., Tang, J., Liu, T. et al.: A Practical Memory Injection Attack Against LLM Agents. (2025). Accessed from arXiv preprint arXiv:2503.03704"},{"key":"1185_CR73","unstructured":"Wang, B., He, W., He, P., Zeng, S., Xiang, Z., Xing, Y. et al.: Unveiling Privacy Risks in LLM Agent Memory. arXiv preprint arXiv:2502.13172. 2025;Submitted on 17 Feb 2025"},{"key":"1185_CR74","unstructured":"Zhang, H., Huang, J., Mei, K., Yao, Y., Wang, Z., Zhan, C. 
et al.: Agent Security Bench (ASB): Formalizing and Benchmarking Attacks and Defenses in LLM-based Agents. (2024). Accessed from arXiv preprint arXiv:2410.02644"},{"key":"1185_CR75","doi-asserted-by":"publisher","DOI":"10.1007\/s11098-025-02301-3","author":"A Kasirzadeh","year":"2025","unstructured":"Kasirzadeh, A.: Two types of AI existential risk: decisive and accumulative. Philos. Stud. (2025). https:\/\/doi.org\/10.1007\/s11098-025-02301-3","journal-title":"Philos. Stud."},{"key":"1185_CR76","doi-asserted-by":"publisher","DOI":"10.1016\/j.patter.2024.100988","author":"PS Park","year":"2024","unstructured":"Park, P.S., Goldstein, S., O\u2019Gara, A., Chen, M., Hendrycks, D.: AI deception: A survey of examples, risks, and potential solutions. Patterns. (2024). https:\/\/doi.org\/10.1016\/j.patter.2024.100988","journal-title":"Patterns."},{"key":"1185_CR77","doi-asserted-by":"crossref","unstructured":"Barua, S., Rahman, M., Islam, R., Khaled, S., Sadek, M.J., Kabir, A.: Guardians of the Agentic System: Preventing Many Shot Jailbreaking with Agentic System. (2025). arXiv preprint arXiv:2502.16750 [cs.AI]","DOI":"10.21203\/rs.3.rs-6372131\/v1"},{"key":"1185_CR78","unstructured":"Barbi, O., Yoran, O., Geva, M.: Preventing Rogue Agents Improves Multi-Agent Collaboration. (2025). arXiv preprint arXiv:2502.05986 [cs.AI]"},{"key":"1185_CR79","first-page":"4032","volume":"6","author":"R Guerraoui","year":"2021","unstructured":"Guerraoui, R., Maurer, A.: Byzantine-resilient multi-agent system. IEEE Trans. Dependable Secure Comput. 6, 4032\u20134038 (2021)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"1185_CR80","unstructured":"Habler, I., Huang, K., Narajala, V.S., Kulkarni, P.: Building a Secure Agentic AI Application Leveraging A2A Protocol. (2025). 
Accessed from arXiv preprint arXiv:2504.16902"},{"key":"1185_CR81","doi-asserted-by":"crossref","unstructured":"Mukherjee, R., Swaroopa, S., Chakraborty, R.S.: Security Vulnerabilities in AI Hardware: Threats and Countermeasures. In: 2024 IEEE 33rd Asian Test Symposium (ATS). Ahmedabad, India; p. 1\u20136 (2024)","DOI":"10.1109\/ATS64447.2024.10915219"},{"key":"1185_CR82","unstructured":"Muckin, M., Fitch, S.C.: A Threat-Driven Approach to Cyber Security: Methodologies, Practices and Tools to Enable a Functionally Integrated Cyber Security Organization. Bethesda, MD: Lockheed Martin Corporation; 2019. Available via Lockheed Martin website (accessed 2025-07-24). Available from: https:\/\/www.lockheedmartin.com\/content\/dam\/lockheed-martin\/rms\/documents\/cyber\/LM-White-Paper-Threat-Driven-Approach.pdf"},{"issue":"3","key":"1185_CR83","doi-asserted-by":"publisher","first-page":"1140","DOI":"10.3390\/vehicles6030054","volume":"6","author":"P Das","year":"2024","unstructured":"Das, P., Asif, M.R.A., Jahan, S., Ahmed, K., Bui, F.M., Khondoker, R.: STRIDE-Based Cybersecurity Threat Modeling, Risk Assessment and Treatment of an In-Vehicle Infotainment System. Vehicles. 6(3), 1140\u20131163 (2024). https:\/\/doi.org\/10.3390\/vehicles6030054","journal-title":"Vehicles."},{"key":"1185_CR84","doi-asserted-by":"crossref","unstructured":"Batool, A., Zowghi, D., Bano, M.: AI governance: a systematic literature review. AI and Ethics. (2025)","DOI":"10.21203\/rs.3.rs-4784792\/v1"},{"key":"1185_CR85","unstructured":"National Institute of Standards and Technology (NIST). editor.: AI Risks and Trustworthiness: Characteristics of Trustworthy AI Systems. Accessed 2025-07-24. 
https:\/\/airc.nist.gov\/airmf-resources\/airmf\/3-sec-characteristics\/"},{"issue":"4","key":"1185_CR86","doi-asserted-by":"publisher","DOI":"10.1016\/j.giq.2022.101685","volume":"39","author":"BW Wirtz","year":"2022","unstructured":"Wirtz, B.W., Weyerer, J.C., Kehl, I.: Governance of artificial intelligence: A risk and guideline-based integrative framework. Gov. Inf. Q. 39(4), 101685 (2022)","journal-title":"Gov. Inf. Q."},{"key":"1185_CR87","unstructured":"AI Exchange, editor.: AI Security Overview. Available from: https:\/\/owaspai.org\/docs\/ai_security_overview\/"},{"key":"1185_CR88","unstructured":"ISO\/IEC JTC 1\/SC42. ISO\/IEC TS5723:2022, Trustworthiness \u2014 Vocabulary. Geneva, Switzerland: International Organization for Standardization (ISO)\/ International Electrotechnical Commission (IEC); 2022. TS 5723:2022(E). Published 22 July 2022; defines core trustworthiness vocabulary and selected characteristics. Available from: https:\/\/www.iso.org\/standard\/77841.html"},{"key":"1185_CR89","doi-asserted-by":"publisher","unstructured":"Cox, L.A.T.J.: What\u2019s Wrong with Risk Matrices? Risk Anal. 28(2), 497\u2013512 (2008). 
https:\/\/doi.org\/10.1111\/j.1539-6924.2008.01030.x","DOI":"10.1111\/j.1539-6924.2008.01030.x"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01185-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01185-y","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01185-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,31]],"date-time":"2026-01-31T16:07:56Z","timestamp":1769875676000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01185-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1,4]]},"references-count":89,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2026,2]]}},"alternative-id":["1185"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01185-y","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,1,4]]},"assertion":[{"value":"2 August 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"5 December 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"4 January 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing 
interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"This study constitutes a desk review, and as such, no ethical standards apply to its execution.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}},{"value":"The authors declare no competing interests.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"23"}}