LLM-based agents are now used throughout cybersecurity. While these agents enable powerful and autonomous security applications, their autonomy opens up new attack surfaces, and the security community is actively building defenses to secure them. Yet the literature on this subject has grown quickly and unevenly. Existing surveys treat applications, threats, and defenses in isolation, leaving no unified account of how an agent's capabilities, vulnerabilities, and countermeasures interconnect. In this work we present the first holistic survey of the agentic security landscape, structuring the field around the fundamental pillars of Applications, Threats, and Defenses. We provide a comprehensive taxonomy of over 260 papers, explaining how agents are used in downstream cybersecurity applications, the threats inherent to agentic systems, and the countermeasures designed to protect them. In addition, we provide detailed pillar-specific and cross-cutting analyses that show the security-lifecycle coverage of agentic applications, a comparison between red-teaming and blue-teaming agents, and the adversarial use of red-teaming applications. On the threat side, we analyze the entry points and agent-loop stages that attacks target, their specificity to the agentic setting, and the threat models they assume. On the defense side, we analyze the prevailing defense strategies, their cost and security trade-offs, and where in the agent lifecycle they are deployed. We further map which defenses cover which attack classes and chart trends in agent architecture, backbone model usage, data modality coverage, and the growth of attack and defense research over time. Taken together, these findings indicate that agentic systems are structurally fragile by default and that securing them will require defenses that span the full agent lifecycle rather than single-layer fixes.
Translation: Agents based on large language models are now widely deployed across cybersecurity. Although these agents can support powerful and autonomous security applications, their autonomy also creates new attack surfaces, and the security community is actively building defense mechanisms to protect them. However, the literature on this subject has grown rapidly and unevenly. Existing surveys study applications, threats, and defenses in isolation and fail to give a unified account of the intrinsic connections between agent capabilities, vulnerabilities, and defensive measures. This paper presents the first holistic survey of the agentic security field, structuring the discipline around the three core pillars of Applications, Threats, and Defenses. Drawing on more than 260 papers, we construct a comprehensive taxonomy that systematically explains how agents are used in downstream cybersecurity applications, the types of threats inherent to agentic systems, and the defensive measures designed to protect those systems. In addition, we provide in-depth pillar-specific and cross-cutting analyses that reveal the security-lifecycle coverage of agentic applications, a comparative study of red-teaming and blue-teaming agents, and the use of red-teaming applications in adversarial settings. On the threat side, we analyze the entry points and agent-loop stages that attacks target, the specificity of these attacks to the agentic setting, and the threat models they assume. On the defense side, we examine the prevailing defense strategies, their cost and security trade-offs, and where they are deployed in the agent lifecycle. We further map the attack classes covered by each kind of defense and chart trends in agent architecture, backbone model usage, and data modality coverage, as well as the growth of attack and defense research over time. Taken together, these findings show that agentic systems are structurally fragile by nature and that securing them requires defenses covering the full agent lifecycle rather than single-layer patches.