The AI Agent Security Surface: What Gets Exposed When You Add Tools and Memory

AI agents introduce a significantly larger attack surface compared to standard LLMs by incorporating planning, tools, and memory. A structured security framework identifies four distinct attack surfaces: the prompt, tool, memory, and planning loop. Each surface is vulnerable to specific attacks, such as indirect prompt injection, parameter injection, and memory poisoning to influence future actions. The content details these vulnerabilities with real-world examples and proposes specific defense strategies for each, including boundary sanitization, least-privilege permissions, and reasoning logging.