This work presents the first systematic framework for understanding security in AI agent systems, which integrate large language models with non-AI components and introduce novel attack surfaces beyond those of traditional software. Through a comprehensive synthesis of systematized literature review, security analysis, and case studies, the study delineates the threat landscape, attack surfaces, and defensive mechanisms specific to AI agents. It identifies critical gaps in current protection mechanisms, articulates core security requirements, and outlines effective defense strategies. Furthermore, the research highlights several open challenges that must be addressed to enable the development of secure AI agent systems, thereby establishing a foundational basis for future research and design in this emerging domain.

AI agents that combine large language models with non-AI system components are rapidly emerging in real-world applications, offering unprecedented automation and flexibility. However, this unprecedented flexibility introduces complex security challenges fundamentally different from those in traditional software systems. This paper presents the first systematic and comprehensive survey of AI agent security, including an analysis of the design space, attack landscape, and defense mechanisms for secure AI agent systems. We further conduct case studies to point out existing gaps in securing agentic AI systems and identify open challenges in this emerging domain. Our work also introduces the first systematic framework for understanding the security risks and defense strategies of AI agents, serving as a foundation for building both secure agentic systems and advancing research in this critical area.