Taxonomy of Agent Threats

TL;DR: AI agent threats follow a predictable pattern as agents move from reasoning to action. This taxonomy maps five domains of risk and shows how impact expands with capability. Across each stage, identity determines what an agent can access, what it can do, and how far a compromise can extend.

When AI agents start taking real action inside enterprise systems – calling APIs, accessing data, chaining tools – the question of what they’re allowed to do becomes paramount. This graphic maps the full risk surface so security teams and builders can see it clearly, all at once.

Every known agent threat – 18 of them across five domains – maps into a single tree, with tiers that escalate by blast radius and one root that connects them all: the agent’s identity.

Inside, you will find:

  • A tree of known agent threats, organized by domain and blast radius.
  • Five risk domains spanning identity confusion, instruction manipulation, supply chain, runtime execution, and persistence.
  • A tiered model showing how threat severity escalates from initial influence to lasting compromise.
  • A clear approach to reducing risk through verified, scoped, short-lived credentials.
  • Key data points on how quickly organizations are deploying agents and where critical controls remain absent.

FAQ

You Have Questions? We Have Answers.

What is the Agent Identity Attack Surface?

It is a model that maps how AI agent risk expands as agents move from reasoning to execution. It shows how different threat domains connect and how identity determines the impact of each one.

Agents operate in stages. They interpret instructions, use tools, and execute actions. Each stage introduces distinct risks, which is why threats can be grouped into repeatable domains.

Blast radius refers to the scope of impact when an agent is compromised. As agents gain access to tools and infrastructure, their ability to affect systems, data, and workflows increases.

Identity determines what an agent can access, what actions it can perform, and how those actions are authorized. Strong identity controls limit the impact of misuse by enforcing scoped and time-bound access.
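As an added illustration of the scoped, time-bound access described above (not code from the original page or its infographic), the following Python models an agent credential that names an identity, a set of tool scopes and an expiry, and authorizes every tool call against it; the signing key, clock origin and tool catalog are constructed for the demo, and the "blast radius" count shows how far a compromised credential would reach.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
import hashlib, hmac, json

# Constructed for this demo: a fixed signing key, a fixed clock origin and a small tool catalog.
SIGNING_KEY = b"demo-signing-key"
T0 = datetime(2025, 1, 1, tzinfo=timezone.utc)
TOOL_ACTIONS = ["crm:read", "crm:write", "email:send", "deploy:prod"]

def at(seconds):  # deterministic clock: T0 plus an offset, so expiry checks are reproducible
    return T0 + timedelta(seconds=seconds)

@dataclass(frozen=True)
class AgentCredential:
    agent_id: str        # the agent identity the credential is bound to
    scopes: frozenset    # "tool:action" pairs the agent may invoke
    expires_at: datetime
    sig: str             # HMAC over (agent_id, scopes, expires_at)

def _sign(agent_id, scopes, expires_at):
    payload = json.dumps({"sub": agent_id, "scp": sorted(scopes), "exp": expires_at.isoformat()}, sort_keys=True)
    return hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue(agent_id, scopes, ttl_seconds, now):
    """Mint a credential limited to `scopes` that expires `ttl_seconds` after `now`."""
    exp = now + timedelta(seconds=ttl_seconds)
    return AgentCredential(agent_id, frozenset(scopes), exp, _sign(agent_id, scopes, exp))

def authorize(cred, tool, action, now):
    """Gate a tool call: deny on tampering, expiry, or a scope the credential never carried."""
    if not hmac.compare_digest(_sign(cred.agent_id, cred.scopes, cred.expires_at), cred.sig):
        return False, "invalid signature"
    if now >= cred.expires_at:
        return False, "credential expired"
    if f"{tool}:{action}" not in cred.scopes:
        return False, f"scope {tool}:{action} not granted"
    return True, "ok"

def blast_radius(cred, now):
    """How many catalog actions this credential would permit if the agent were compromised now."""
    return sum(authorize(cred, *a.split(":"), now)[0] for a in TOOL_ACTIONS)

def demo():
    broad = issue("agent-7", TOOL_ACTIONS, 86_400, at(0))   # long-lived, every tool in the catalog
    narrow = issue("agent-7", {"crm:read"}, 900, at(0))     # 15-minute credential, one read-only tool
    widened = replace(narrow, scopes=narrow.scopes | {"deploy:prod"})  # scope added without re-signing
    return {"broad_now": blast_radius(broad, at(0)), "narrow_now": blast_radius(narrow, at(0)),
            "narrow_after_1h": blast_radius(narrow, at(3600)),
            "widened": authorize(widened, "deploy", "prod", at(0))}
```

The broad credential exposes the whole catalog for a day, while the narrow one exposes a single action and nothing at all an hour later; a scope tacked onto the narrow credential fails signature verification before the scope check is even reached.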

No. Any environment where agents access data, call APIs, or automate workflows introduces these risks. The model applies wherever agents act within systems.

Identity confusion, prompt and instruction manipulation, tool and skill supply chain, runtime execution, and persistence or privilege escalation.
