Securing Agentic AI Systems — A Multilayer Security Framework — Source Summary
The arXiv preprint that introduced the MAAIS framework (2025-12-19). Authored by Sunil Arora and John Hastings; subject categories cs.CR / cs.AI / cs.CY; preprint, no journal reference.
What
A seven-layer defense-in-depth security framework for agentic AI systems, paired with an explicit augmentation of the classical CIA security triad to CIAA (adding Accountability). The seven layers are: Infrastructure, Data, Model, Agent Execution & Control, Accountability & Trustworthiness, User & Access Management, Monitoring & Audit. Validation is by mapping each of MITRE ATLAS’s twelve adversarial tactics to the layer(s) responsible for defending against it.
Methodology
Design Science Research (DSR) framing: problem identification → objective definition → artifact design → evaluation. The primary qualitative method is a systematic literature review (SLR) of work published from 2022 onward on AI security, agentic AI, AI agents, and agentic AI risks. Validation is the MITRE ATLAS tactic-level coverage exercise.
Why this matters to the wiki
- CIAA framing is the cleanest single contribution and is referenced inline on the CMM’s D1 (Governance & Accountability) as the foundation principle. CIA + Accountability gives the wiki a memorable shorthand for the agentic-AI extension of the classical security triad.
- Comparative framework — MAAIS is now the fourth multi-layer framework documented in the wiki (alongside CSA MAESTRO, the wiki’s CMM, and the AWS Scoping Matrix). The framework page contains a side-by-side comparison.
- Stickiness assessment at 5 months out: the CIAA framing is moderately sticky; MAAIS as a name is unlikely to propagate; the seven-layer structure converges in shape with MAESTRO and the CMM but differs in where it draws the boundaries between layers.
Key terms (from the source)
- MAAIS — Multilayer Agentic AI Security framework. The paper’s named contribution.
- CIAA — Confidentiality, Integrity, Availability, Accountability. Augmentation of CIA for agentic systems.
- DSR — Design Science Research methodology. Standard IS research framing the paper uses.
Limitations (per the framework page)
Validation against ATLAS is at tactic level only (not technique level); no threat enumeration per layer; no treatment of the Lethal Trifecta, indirect prompt injection, MCP / A2A risks, or promptware; no agency-vs-autonomy distinction; light treatment of identity / NHI.
See also
The full structural analysis — seven layers, ATLAS mapping table, cross-walk to wiki ladders, comparison with MAESTRO / CMM / AWS — lives at the framework page. This source summary is provenance; cite the framework page for substantive claims.