AgenticCyOps: Securing Multi-Agentic AI Integration in Enterprise Cyber Operations

TL;DR

This paper presents AgenticCyOps, a comprehensive security framework for multi-agent AI systems in enterprise cyber operations, focusing on attack surface decomposition, trust boundaries, and defense principles to mitigate risks.

Contribution

It introduces a systematic architectural model for securing multi-agent AI integration in enterprises, emphasizing attack surface analysis and trust boundary formalization.

Findings

Addresses attack vectors through layered defense principles.

Intercepts 75% of attack chains in initial steps.

Reduces exploitable trust boundaries by at least 72%.

Abstract

Multi-agent systems (MAS) powered by LLMs promise adaptive, reasoning-driven enterprise workflows, yet granting agents autonomous control over tools, memory, and communication introduces attack surfaces absent from deterministic pipelines. While current research largely addresses prompt-level exploits and narrow individual vectors, it lacks a holistic architectural model for enterprise-grade security. We introduce AgenticCyOps (Securing Multi-Agentic AI Integration in Enterprise Cyber Operations), a framework built on a systematic decomposition of attack surfaces across component, coordination, and protocol layers, revealing that documented vectors consistently trace back to two integration surfaces: tool orchestration and memory management. Building on this observation, we formalize these integration surfaces as primary trust boundaries and define five defensive principles: authorized interfaces, capability scoping, verified execution, memory integrity & synchronization, and access-controlled data isolation; each aligned with established compliance standards (NIST, ISO 27001, GDPR, EU AI Act). We apply the framework to a Security Operations Center (SOC) workflow, adopting the Model Context Protocol (MCP) as the structural basis, with phase-scoped agents, consensus validation loops, and per-organization memory boundaries. Coverage analysis, attack path tracing, and trust boundary assessment confirm that the design addresses the documented attack vectors with defense-in-depth, intercepts three of four representative attack chains within the first two steps, and reduces exploitable trust boundaries by a minimum of 72% compared to a flat MAS, positioning AgenticCyOps as a foundation for securing enterprise-grade integration.