USENIX Security 2026

SoK: Attack and Defense Landscape of Agentic AI Systems

Juhee Kim, Wenbo Guo, Dawn Song

Abstract

AI agents that combine large language models with non-AI system components are rapidly emerging in real-world applications, offering unprecedented automation and flexibility. However, this flexibility introduces complex security challenges that differ from those found in traditional software systems. This paper presents the first comprehensive systematization of knowledge on AI agent security, including an analysis of agents' design space, the attack landscape, and the defense mechanisms available for building secure AI agent systems. We further identify open challenges that point to promising directions for future research in this emerging domain. Our work introduces the first systematic framework for understanding the security risks and defense landscape of AI agents, serving as a foundation both for building secure agentic systems and for advancing research in this critical area.