![[2602.19555] Agentic AI as a Cybersecurity Attack Surface: Threats, Exploits, and Defenses in Runtime Supply Chains](https://arxiv.org/static/browse/0.3.4/images/arxiv-logo-fb.png){kind=logo}
[2602.19555] Agentic AI as a Cybersecurity Attack Surface: Threats, Exploits, and Defenses in Runtime Supply Chains
Summary
This article discusses the cybersecurity implications of agentic AI systems, focusing on threats and defenses in runtime supply chains, highlighting vulnerabilities and proposing a Zero-Trust Runtime Architecture.
Why It Matters
As AI systems become more autonomous, understanding their cybersecurity risks is crucial. This research addresses emerging vulnerabilities in runtime supply chains, emphasizing the need for robust security frameworks to protect against sophisticated cyber threats.
Key Takeaways
- Agentic AI systems face unique cybersecurity threats during runtime execution.
- Vulnerabilities include data supply chain attacks and tool supply chain attacks.
- The concept of the Viral Agent Loop highlights self-propagating generative worms.
- A Zero-Trust Runtime Architecture is proposed to enhance security.
- Understanding these risks is essential for developing effective defenses.
Computer Science > Cryptography and Security arXiv:2602.19555 (cs) [Submitted on 23 Feb 2026] Title:Agentic AI as a Cybersecurity Attack Surface: Threats, Exploits, and Defenses in Runtime Supply Chains Authors:Xiaochong Jiang, Shiqi Yang, Wenting Yang, Yichen Liu, Cheng Ji View a PDF of the paper titled Agentic AI as a Cybersecurity Attack Surface: Threats, Exploits, and Defenses in Runtime Supply Chains, by Xiaochong Jiang and 4 other authors View PDF HTML (experimental) Abstract:Agentic systems built on large language models (LLMs) extend beyond text generation to autonomously retrieve information and invoke tools. This runtime execution model shifts the attack surface from build-time artifacts to inference-time dependencies, exposing agents to manipulation through untrusted data and probabilistic capability resolution. While prior work has focused on model-level vulnerabilities, security risks emerging from cyclic and interdependent runtime behavior remain fragmented. We systematize these risks within a unified runtime framework, categorizing threats into data supply chain attacks (transient context injection and persistent memory poisoning) and tool supply chain attacks (discovery, implementation, and invocation). We further identify the Viral Agent Loop, in which agents act as vectors for self-propagating generative worms without exploiting code-level flaws. Finally, we advocate a Zero-Trust Runtime Architecture that treats context as untrusted control flow and const...
