Security Attack and Defense Strategies for Autonomous Agent Frameworks: A Layered Review with OpenClaw as a Case Study

A comprehensive academic survey examines security vulnerabilities and defense mechanisms across four operational layers of autonomous agent frameworks built on large language models. The research identifies how threats propagate across layers—from input manipulation through unsafe actions to ecosystem-level impacts—highlighting critical gaps in current security approaches as these systems become increasingly complex and integrated.

The emergence of autonomous agent frameworks represents a fundamental shift in AI system architecture, moving beyond simple language model interactions toward persistent, tool-integrated systems that operate continuously with external dependencies. This academic survey addresses a critical blind spot: while individual security vulnerabilities in LLMs have received attention, the systemic risks arising from multi-layered agent ecosystems remain poorly understood. The research's layered approach—examining context, instruction, tool, action, state, persistence, and ecosystem dimensions—reveals that security threats no longer operate in isolation but cascade across system boundaries.

This work arrives at a crucial inflection point. As enterprises increasingly deploy autonomous agents for financial operations, data management, and automated decision-making, understanding attack surfaces becomes economically essential. The threat propagation concept is particularly significant: a single prompt injection could contaminate persistent state, trigger unsafe tool actions, and compromise ecosystem participants. For cryptocurrency and decentralized finance applications, where autonomous agents increasingly manage smart contracts and execute trades, these vulnerabilities pose material risk to user funds and protocol integrity.

The identified research imbalances and weak ecosystem trust models suggest the industry is building critical infrastructure without adequate defensive foundations. Developers deploying autonomous agents in production environments face gaps between academic understanding and practical security implementations. The absence of long-horizon evaluation frameworks means potential vulnerabilities may remain dormant until real-world exploitation occurs. For stakeholders in AI and crypto convergence spaces—where autonomous agents increasingly govern treasury management and algorithmic trading—this survey signals that current security assumptions may prove inadequate as these systems scale.

• →Security risks in autonomous agent frameworks propagate across four distinct layers, from input manipulation to ecosystem-wide contamination.
• →Current security research remains fragmented across individual layers without addressing cross-layer threat propagation mechanisms.
• →Weak ecosystem trust models and absent long-horizon evaluation frameworks leave production autonomous agent systems vulnerable to undiscovered attacks.
• →Autonomous agents in crypto and DeFi applications face heightened risk due to financial impact of compromised tool actions and persistent state corruption.
• →Systematic, integrated defense strategies across all layers are needed before widespread production deployment of autonomous agent systems.