Security of Internet of Agents: Attacks and Countermeasures

Abstract: With the rise of large language and vision-LLMs, AI agents have evolved into autonomous, interactive systems capable of perception, reasoning, and decision-making. As they proliferate across virtual and physical domains, the Internet of Agents (IoA) has emerged as a key infrastructure for enabling scalable and secure coordination among heterogeneous agents. This survey offers a comprehensive examination of the security and privacy landscape in IoA systems. We begin by outlining the IoA architecture and its distinct vulnerabilities compared to traditional networks, focusing on four critical aspects: identity authentication threats, cross-agent trust issues, embodied security, and privacy risks. We then review existing and emerging defense mechanisms and highlight persistent challenges. Finally, we identify open research directions to advance the development of resilient and privacy-preserving IoA ecosystems.

• The paper presents a comprehensive taxonomy of IoA security threats including identity forgery, cross-agent trust breaches, and privacy vulnerabilities.
• It reviews systematic surveys of attack vectors and countermeasures, emphasizing techniques such as dynamic access control and context-aware verification.
• The research advocates end-to-end security strategies, including security-by-design and cloud-edge cooperative networking, to build resilient agent ecosystems.

"Security of Internet of Agents: Attacks and Countermeasures" (2505.08807)

Introduction

The paper explores the security and privacy challenges that arise within the Internet of Agents (IoA), a paradigm driven by the proliferation of autonomous AI agents enabled by LLMs and vision-LLMs. In the IoA context, agents operate throughout virtual and physical domains, necessitating infrastructure that facilitates secure and scalable agent-to-agent (A2A) interaction. This survey systematically categorizes attacks on agent identity authentication, cross-agent trust, embodied security, and privacy, followed by a review of countermeasures and emerging defense strategies.

IoA Security and Privacy Landscape

The IoA paradigm departs from traditional network structures by focusing on semantic-based communication among heterogeneous agents. This shift introduces new vulnerabilities:

1. Identity Authentication Threats: Agents may face identity forgery, impersonation, and Sybil attacks, undermining trust within IoA networks (Figure 1). Dynamic access control systems that adapt to task contexts are proposed to counter these threats.

   Figure 1: The taxonomy of security and privacy threats in IoA.

2. Cross-Agent Trust Issues: Hallucination cascades, knowledge poisoning, and agent collusion pose significant risks, compromising the integrity of multi-agent collaboration. Techniques such as RAG, agent audit processes, and trust management frameworks are advocated.

   Figure 2: Illustration of agent identity authentication threats in IoA: (a) identity forgery, (b) Sybil attack, and (c) intent deception.

3. Embodied Security Threats: Physical manipulation of sensors and contextual backdoors present unique challenges for embodied agents. Countermeasures include sensor redundancy, physical defenses, and context-aware verification mechanisms.

   Figure 3: Illustration of cross-agent trust issues within IoA: (a) hallucination cascade, (b) knowledge poisoning, and (c) jailbreak.

4. Privacy Threats: The dynamic exchange of sensitive data exposes agents to RAG privacy leakage and unintentional memorization of sensitive information. Privacy-preserving techniques involve output interventions and privacy risk assessments.

   Figure 4: Illustration of security threats to embodied agents in IoA: (a) contextual backdoor, and (b) cross-domain safety misalignment.

5. Summary of Threats and Defenses: The paper provides a comprehensive summary of various threat types along with potential defenses, consolidating pivotal aspects of IoA security.

   Figure 5: Illustration of privacy threats in IoA: (a) RAG privacy leakage, and (b) agent memorization.

Research Insights and Future Directions

The paper emphasizes the necessity for end-to-end security strategies that integrate semantic understanding and real-time adaptability in IoA systems. Proposed directions include:

• Cloud-Edge Cooperative Networking: Research into hybrid systems that improve coordination efficiency among agent networks is recommended.
• Security-by-Design: Embedding security into the core architecture of IoA systems rather than as add-ons is advocated.
• Trustworthy Regulation: Exploration of decentralized governance frameworks that combine on-chain and off-chain mechanisms to address regulatory demands.
• Privacy-Aware Agent Architectures: Development of protocols that allow fine-grained privacy control over agent interactions is critical.
• Ethical Frameworks: Embedding culturally aware ethical principles and runtime monitors to ensure agent actions align with societal values.

Conclusion

This survey offers a detailed landscape of security and privacy issues within IoA, proposing an array of defense mechanisms while highlighting persistent challenges. By identifying future research directions, it aims to steer the development of robust IoA ecosystems, underscoring their potential to securely leverage autonomous collaborative intelligence. This work serves as a guide to building resilient agent infrastructures capable of maintaining security and privacy at scale.