The world is being quietly rearranged by people who write very long documents.


The title they went with: Agentic AI Security: Threats, Defenses, Evaluation, and Open Challenges

Noisy translates that to:

Security researchers map threats to AI systems that can execute tasks autonomously — first taxonomy of attacks specific to agents.


A survey of threats to AI systems that act autonomously across web, software, and physical environments identifies attack patterns that fit neither traditional AI safety nor conventional software security categories. The practical result is that security teams get a shared vocabulary for what can go wrong once an AI agent is allowed to take actions on its own.
Until now, threats to autonomous AI systems were sorted into existing buckets: either "AI safety" concerns (mostly about training and alignment) or "software security" concerns (which assume a human makes the final decision). Neither framework fits a system that can independently navigate the web, call APIs, or control physical devices. The survey proposes a taxonomy that names attacks specific to agency: what breaks when the AI itself decides what to do next, invokes external tools without human review, or carries memory across a sequence of autonomous actions. Alongside the threat taxonomy, the survey also covers defenses, evaluation methods, and open problems. This matters because governance and defense strategies depend on first naming the threat precisely; without a taxonomy, controls are placed by intuition rather than against a defined attack surface.
The signal to watch is whether AI companies building autonomous agents start citing this taxonomy in their security documentation, and whether security benchmarks designed specifically for agent evaluation are adopted in industry-standard testing.
