Toward Securing AI Agents Like Operating Systems

TL;DR

This paper examines security challenges in LLM-based autonomous agents by drawing parallels with operating systems, analyzing vulnerabilities, and proposing security best practices.

Contribution

It introduces a unified agent architecture, systematically analyzes attack vectors, and offers security recommendations inspired by OS security techniques.

Findings

Several protection mechanisms fail under modest attacker capabilities.

Secure operation requires detailed system knowledge and careful configuration.

Many vulnerabilities can be mitigated using established OS security techniques.

Abstract

Autonomous agents based on large language models (LLMs) are rapidly emerging as a general-purpose technology, with recent systems such as OpenClaw extending their capabilities through broad tool use, third-party skills, and deeper integration into user environments. At the same time, these agentic systems introduce substantial security risks by combining unconstrained capabilities with access to sensitive user data. In this work, we investigate the security of LLM-based agents through the lens of operating systems. We argue that both face strikingly similar challenges in isolating resources, separating privileges, and mediating communication. Guided by this perspective, we survey the current landscape of open-source agents, derive a unified agent architecture, and systematically analyze potential attack vectors. To validate this analysis, we conduct a case study evaluating four widely used OpenClaw-like agents. Even under modest attacker capabilities, we find that several protection mechanisms fail in practice and that secure operation requires detailed system knowledge and careful configuration. However, we also observe that while some agentic capabilities remain insecure by design, many vulnerabilities can be mitigated using well-established techniques from operating system security. We conclude with a set of recommendations for the secure design of agentic systems.