Semantic communication (SemCom) redefines wireless communication from reproducing symbols to transmitting task-relevant semantics. However, this AI-native architecture also introduces new vulnerabilities, as semantic failures may arise from adversarial perturbations to models, corrupted training data, desynchronized priors, or misaligned inference even when lower-layer transmission reliability and cryptographic protection remain intact. This survey provides a defense-centered and system-oriented synthesis of security in SemCom via AI defense. We analyze AI-centric threat models by consolidating existing studies and organizing attack surfaces across model-level, channel-realizable, knowledge-based, and networked inference vectors. Building on this foundation, we present a structured taxonomy of defense strategies organized by where semantic integrity can be compromised in SemCom systems despite correct symbol delivery, spanning semantic encoding, wireless transmission, knowledge integrity, and coordination among multiple agents. These categories correspond to distinct security failure modes, including representation fragility, channel-realizable manipulation, semantic prior poisoning or desynchronization, and adversarial propagation through distributed inference. We also examine security utility operating envelopes that capture tradeoffs among semantic fidelity, robustness, latency, and energy under realistic constraints, survey evaluation frameworks and representative applications, and identify open challenges in cross-layer composition and deployment-time certification. Overall, this survey offers a unified system-level perspective that enables readers to understand major threat and defense mechanisms in AI-native SemCom systems and to leverage emerging security techniques in the design and deployment of robust SemCom architectures for next-generation intelligent networks.