Semantic communication (SemCom) redefines wireless communication from reproducing symbols to transmitting task-relevant semantics. However, this AI-native architecture also introduces new vulnerabilities, as semantic failures may arise from adversarial perturbations to models, corrupted training data, desynchronized priors, or misaligned inference even when lower-layer transmission reliability and cryptographic protection remain intact. This survey provides a defense-centered and system-oriented synthesis of security in SemCom via AI defense. We analyze AI-centric threat models by consolidating existing studies and organizing attack surfaces across model-level, channel-realizable, knowledge-based, and networked inference vectors. Building on this foundation, we present a structured taxonomy of defense strategies organized by where semantic integrity can be compromised in SemCom systems despite correct symbol delivery, spanning semantic encoding, wireless transmission, knowledge integrity, and coordination among multiple agents. These categories correspond to distinct security failure modes, including representation fragility, channel-realizable manipulation, semantic prior poisoning or desynchronization, and adversarial propagation through distributed inference. We also examine security utility operating envelopes that capture tradeoffs among semantic fidelity, robustness, latency, and energy under realistic constraints, survey evaluation frameworks and representative applications, and identify open challenges in cross-layer composition and deployment-time certification. Overall, this survey offers a unified system-level perspective that enables readers to understand major threat and defense mechanisms in AI-native SemCom systems and to leverage emerging security techniques in the design and deployment of robust SemCom architectures for next-generation intelligent networks.