{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,29]],"date-time":"2026-06-29T09:44:45Z","timestamp":1782726285755,"version":"3.54.5"},"reference-count":50,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T00:00:00Z","timestamp":1780272000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T00:00:00Z","timestamp":1780272000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T00:00:00Z","timestamp":1780272000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T00:00:00Z","timestamp":1780272000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T00:00:00Z","timestamp":1780272000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T00:00:00Z","timestamp":1780272000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T00:00:00Z","timestamp":1780272000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Information Sciences"],"published-print":{"date-parts":[[2026,6]]},"DOI":"10.1016\/j.ins.2026.123231","type":"journal-article","created":{"date-parts":[[2026,2,11]],"date-time":"2026-02-11T07:55:26Z","timestamp":1770796526000},"page":"123231","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":3,"special_numbering":"C","title":["Bridging AI and software security: A comparative vulnerability assessment of LLM agent deployment paradigms"],"prefix":"10.1016","volume":"740","author":[{"given":"Tarek","family":"Gasmi","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8759-0151","authenticated-orcid":false,"given":"Ramzi","family":"Guesmi","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jihene","family":"Bennaceur","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ines","family":"Belhadj","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"78","reference":[{"key":"10.1016\/j.ins.2026.123231_bib0005","series-title":"Advances in Neural Information Processing Systems","first-page":"24824","article-title":"Chain-of-thought prompting elicits reasoning in large language models","volume":"vol. 35","author":"Wei","year":"2022"},{"issue":"6","key":"10.1016\/j.ins.2026.123231_bib0010","doi-asserted-by":"crossref","DOI":"10.1007\/s11704-024-40231-1","article-title":"A survey on large language model based autonomous agents","volume":"18","author":"Wang","year":"2024","journal-title":"Front. Comput. Sci."},{"issue":"2","key":"10.1016\/j.ins.2026.123231_bib0015","doi-asserted-by":"crossref","DOI":"10.1007\/s11432-024-4222-0","article-title":"The rise and potential of large language model based agents: a survey","volume":"68","author":"Xi","year":"2025","journal-title":"Sci. China Inf. Sci."},{"key":"10.1016\/j.ins.2026.123231_bib0020","series-title":"Proceedings of the 41st International Conference on Machine Learning (ICML)","first-page":"24370","article-title":"An LLM compiler for parallel function calling","volume":"235","author":"Kim","year":"2024"},{"key":"10.1016\/j.ins.2026.123231_bib0025","series-title":"Proceedings of the International Conference on Learning Representations (ICLR)","article-title":"The Berkeley function calling leaderboard: from tool use to agentic evaluation","author":"Yan","year":"2025"},{"key":"10.1016\/j.ins.2026.123231_bib0030","author":"Hou"},{"key":"10.1016\/j.ins.2026.123231_bib0035","author":"Liu"},{"key":"10.1016\/j.ins.2026.123231_bib0040","series-title":"2025 IEEE Conference on Secure and Trustworthy Machine Learning (SaTML)","first-page":"23","article-title":"Jailbreaking black box large language models in twenty queries","author":"Chao","year":"2025"},{"key":"10.1016\/j.ins.2026.123231_bib0045","author":"Zhan"},{"key":"10.1016\/j.ins.2026.123231_bib0050","series-title":"Advances in Neural Information Processing Systems (Datasets and Benchmarks Track)","article-title":"Agentdojo: a dynamic environment to evaluate prompt injection attacks and defenses for LLM agents","author":"Debenedetti","year":"2024"},{"key":"10.1016\/j.ins.2026.123231_bib0055","author":"Inan"},{"key":"10.1016\/j.ins.2026.123231_bib0060","author":"Yao"},{"key":"10.1016\/j.ins.2026.123231_bib0065","author":"Dai"},{"key":"10.1016\/j.ins.2026.123231_bib0070","author":"Hassouna"},{"issue":"7","key":"10.1016\/j.ins.2026.123231_bib0075","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3716628","article-title":"AI agents under threat: a survey of key security challenges and future pathways","volume":"57","author":"Deng","year":"2025","journal-title":"ACM Comput. Surv."},{"issue":"5","key":"10.1016\/j.ins.2026.123231_bib0080","doi-asserted-by":"crossref","first-page":"872","DOI":"10.1109\/JAS.2025.125498","article-title":"Exploring deepseek: a survey on advances, applications, challenges and future directions","volume":"12","author":"Deng","year":"2025","journal-title":"IEEE\/CAA J. Autom. Sin."},{"key":"10.1016\/j.ins.2026.123231_bib0085","doi-asserted-by":"crossref","first-page":"176482","DOI":"10.1109\/ACCESS.2025.3619764","article-title":"A lifecycle-oriented survey of emerging threats and vulnerabilities in large language models","volume":"13","author":"De Maio","year":"2025","journal-title":"IEEE Access"},{"key":"10.1016\/j.ins.2026.123231_bib0090","series-title":"2025 IEEE\/ACM International Workshop on Responsible AI Engineering (RAIE)","first-page":"1","article-title":"Insights and current gaps in open-source LLM vulnerability scanners: a comparative analysis","author":"Brokman","year":"2025"},{"key":"10.1016\/j.ins.2026.123231_bib0095","author":"Ramakrishnan"},{"key":"10.1016\/j.ins.2026.123231_bib0100","series-title":"33rd USENIX Security Symposium (USENIX Security 24)","first-page":"1831","article-title":"Formalizing and benchmarking prompt injection attacks and defenses","author":"Liu","year":"2024"},{"key":"10.1016\/j.ins.2026.123231_bib0105","series-title":"Proceedings of the 2025 Conference on Empirical Methods in Natural Language Processing (EMNLP)","first-page":"34964","article-title":"Breaking agents: compromising autonomous LLM agents through malfunction amplification","author":"Zhang","year":"2025"},{"issue":"12","key":"10.1016\/j.ins.2026.123231_bib0110","first-page":"101","article-title":"An introduction to information security","volume":"800","author":"Nieles","year":"2017","journal-title":"NIST Spec. Publ."},{"key":"10.1016\/j.ins.2026.123231_bib0115","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103532","article-title":"A quantitative security evaluation and analysis model for web applications based on owasp application security verification standard","volume":"135","author":"Wen","year":"2023","journal-title":"Comput. & Secur."},{"key":"10.1016\/j.ins.2026.123231_bib0120","doi-asserted-by":"crossref","first-page":"163","DOI":"10.1007\/s00766-013-0195-2","article-title":"A descriptive study of microsoft\u2019s threat modeling technique","volume":"20","author":"Scandariato","year":"2015","journal-title":"Requir. Eng."},{"key":"10.1016\/j.ins.2026.123231_bib0125","author":"Narajala"},{"issue":"115","key":"10.1016\/j.ins.2026.123231_bib0130","first-page":"2","article-title":"Technical guide to information security testing and assessment","volume":"800","author":"Scarfone","year":"2008","journal-title":"NIST Spec. Publ."},{"key":"10.1016\/j.ins.2026.123231_bib0135","doi-asserted-by":"crossref","first-page":"175","DOI":"10.1016\/j.compeleceng.2019.02.022","article-title":"A systematic literature review and meta-analysis on artificial intelligence in penetration testing and vulnerability assessment","volume":"75","author":"McKinnel","year":"2019","journal-title":"Comput. Electr. Eng."},{"key":"10.1016\/j.ins.2026.123231_bib0140","series-title":"Proceedings of the 2024 ACM\/IEEE 44th International Conference on Software Engineering: New Ideas and Emerging Results (ICSE-NIER)","first-page":"47","article-title":"Large language model for vulnerability detection: emerging results and future directions","author":"Zhou","year":"2024"},{"key":"10.1016\/j.ins.2026.123231_bib0145","series-title":"Advances in Neural Information Processing Systems","first-page":"46595","article-title":"Judging LLM-as-a-judge with mt-bench and chatbot arena","volume":"vol. 36","author":"Zheng","year":"2023"},{"key":"10.1016\/j.ins.2026.123231_bib0150","author":"Liu"},{"issue":"8","key":"10.1016\/j.ins.2026.123231_bib0155","doi-asserted-by":"crossref","first-page":"2329","DOI":"10.1109\/TSE.2025.3586082","article-title":"On the effectiveness of LLM-as-a-judge for code generation and summarization","volume":"51","author":"Crupi","year":"2025","journal-title":"IEEE Trans. Softw. Eng."},{"key":"10.1016\/j.ins.2026.123231_bib0160","article-title":"Cyber signals: defending against cyber threats with the latest research, insights, and trends","author":"Jakkal","year":"2022","journal-title":"Microsoft Security"},{"key":"10.1016\/j.ins.2026.123231_bib0165","author":"Louck"},{"key":"10.1016\/j.ins.2026.123231_bib0170","author":"Alaga"},{"key":"10.1016\/j.ins.2026.123231_bib0175","author":"Yu"},{"key":"10.1016\/j.ins.2026.123231_bib0180","article-title":"Inverse scaling: when bigger isn\u2019t better","author":"McKenzie","year":"2023","journal-title":"Trans. Mach. Learn. Res."},{"key":"10.1016\/j.ins.2026.123231_bib0185","author":"Sharma"},{"key":"10.1016\/j.ins.2026.123231_bib0190","author":"Kang"},{"key":"10.1016\/j.ins.2026.123231_bib0195","article-title":"Many-shot jailbreaking","volume":"37","author":"Anil","year":"2024","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"10.1016\/j.ins.2026.123231_bib0200","series-title":"Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security","first-page":"79","article-title":"Not what you\u2019ve signed up for: compromising real-world LLM-integrated applications with indirect prompt injection","author":"Greshake","year":"2023"},{"key":"10.1016\/j.ins.2026.123231_bib0205","author":"Liu"},{"key":"10.1016\/j.ins.2026.123231_bib0210","series-title":"Proceedings of the 34th USENIX Security Symposium (USENIX Security 25)","article-title":"Poisonedrag: knowledge corruption attacks to retrieval-augmented generation of large language models","author":"Zou","year":"2025"},{"key":"10.1016\/j.ins.2026.123231_bib0215","author":"Wu"},{"key":"10.1016\/j.ins.2026.123231_bib0220","author":"Beurer-Kellner"},{"key":"10.1016\/j.ins.2026.123231_bib0225","doi-asserted-by":"crossref","DOI":"10.7717\/peerj-cs.2821","article-title":"Comparative evaluation of approaches & tools for effective security testing of web applications","volume":"11","author":"Qadir","year":"2025","journal-title":"PeerJ Comput. Sci."},{"key":"10.1016\/j.ins.2026.123231_bib0230","series-title":"2025 IEEE 22nd International Conference on Software Architecture (ICSA)","first-page":"37","article-title":"Swiss cheese model for AI safety: a taxonomy and reference architecture for multi-layered guardrails of foundation model based agents","author":"Shamsujjoha","year":"2025"},{"issue":"8","key":"10.1016\/j.ins.2026.123231_bib0235","first-page":"1","article-title":"Research on webassembly runtimes: a survey","volume":"34","author":"Zhang","year":"2025","journal-title":"ACM Trans. Softw. Eng. Methodol."},{"key":"10.1016\/j.ins.2026.123231_bib0240","author":"Ehtesham"},{"key":"10.1016\/j.ins.2026.123231_bib0245","author":"Shrimal"},{"key":"10.1016\/j.ins.2026.123231_bib0250","author":"de Witt"}],"container-title":["Information Sciences"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0020025526001623?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0020025526001623?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,3,23]],"date-time":"2026-03-23T09:27:16Z","timestamp":1774258036000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0020025526001623"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,6]]},"references-count":50,"alternative-id":["S0020025526001623"],"URL":"https:\/\/doi.org\/10.1016\/j.ins.2026.123231","relation":{"has-preprint":[{"id-type":"doi","id":"10.36227\/techrxiv.175339471.17113065\/v1","asserted-by":"object"}]},"ISSN":["0020-0255"],"issn-type":[{"value":"0020-0255","type":"print"}],"subject":[],"published":{"date-parts":[[2026,6]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Bridging AI and software security: A comparative vulnerability assessment of LLM agent deployment paradigms","name":"articletitle","label":"Article Title"},{"value":"Information Sciences","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.ins.2026.123231","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 Elsevier Inc. All rights are reserved, including those for text and data mining, AI training, and similar technologies.","name":"copyright","label":"Copyright"}],"article-number":"123231"}}