🤖 AI Summary
Existing AI security frameworks inadequately address agent-specific risks—including privilege escalation, adversarial manipulation, and dynamic environment interaction—in autonomous, agentic AI systems.
Method: We propose a full-lifecycle, multi-layered security framework tailored for autonomous decision-making AI. It introduces the first agent-centric CIAA model (Confidentiality, Integrity, Availability, Accountability) and the MAAIS (Multi-layered Agentic AI Security) defense architecture. Grounded in Design Science Research (DSR), the framework integrates threat modeling via MITRE ATLAS tactical mapping for empirical validation.
Contribution/Results: The framework bridges critical gaps in agent-aware security coverage, achieves formal alignment with ATLAS adversary tactics, and delivers a standardized, implementable governance framework. Validated for enterprise AI platforms, it provides actionable, domain-agnostic security guidelines—deployed in high-stakes sectors including finance, healthcare, and cybersecurity.
📝 Abstract
Securing Agentic Artificial Intelligence (AI) systems requires addressing the complex cyber risks introduced by autonomous, decision-making, and adaptive behaviors. Agentic AI systems are increasingly deployed across industries, organizations, and critical sectors such as cybersecurity, finance, and healthcare. However, their autonomy introduces unique security challenges, including unauthorized actions, adversarial manipulation, and dynamic environmental interactions. Existing AI security frameworks do not adequately address these challenges or the unique nuances of agentic AI. This research develops a lifecycle-aware security framework specifically designed for agentic AI systems using the Design Science Research (DSR) methodology. The paper introduces MAAIS, an agentic security framework, and the agentic AI CIAA (Confidentiality, Integrity, Availability, and Accountability) concept. MAAIS integrates multiple defense layers to maintain CIAA across the AI lifecycle. Framework validation is conducted by mapping with the established MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems) AI tactics. The study contributes a structured, standardized, and framework-based approach for the secure deployment and governance of agentic AI in enterprise environments. This framework is intended for enterprise CISOs, security, AI platform, and engineering teams and offers a detailed step-by-step approach to securing agentic AI workloads.