Saved in:
Bibliographic Details
Main Authors: Pirch, Lukas, Horlboge, Micha, Großmann, Patrick, Asif, Syeda Mahnur, Kireev, Klim, Holz, Thorsten, Rieck, Konrad
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2605.14932
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866916012896550912
author Pirch, Lukas
Horlboge, Micha
Großmann, Patrick
Asif, Syeda Mahnur
Kireev, Klim
Holz, Thorsten
Rieck, Konrad
author_facet Pirch, Lukas
Horlboge, Micha
Großmann, Patrick
Asif, Syeda Mahnur
Kireev, Klim
Holz, Thorsten
Rieck, Konrad
contents Autonomous agents based on large language models (LLMs) are rapidly emerging as a general-purpose technology, with recent systems such as OpenClaw extending their capabilities through broad tool use, third-party skills, and deeper integration into user environments. At the same time, these agentic systems introduce substantial security risks by combining unconstrained capabilities with access to sensitive user data. In this work, we investigate the security of LLM-based agents through the lens of operating systems. We argue that both face strikingly similar challenges in isolating resources, separating privileges, and mediating communication. Guided by this perspective, we survey the current landscape of open-source agents, derive a unified agent architecture, and systematically analyze potential attack vectors. To validate this analysis, we conduct a case study evaluating four widely used OpenClaw-like agents. Even under modest attacker capabilities, we find that several protection mechanisms fail in practice and that secure operation requires detailed system knowledge and careful configuration. However, we also observe that while some agentic capabilities remain insecure by design, many vulnerabilities can be mitigated using well-established techniques from operating system security. We conclude with a set of recommendations for the secure design of agentic systems.
format Preprint
id arxiv_https___arxiv_org_abs_2605_14932
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Toward Securing AI Agents Like Operating Systems
Pirch, Lukas
Horlboge, Micha
Großmann, Patrick
Asif, Syeda Mahnur
Kireev, Klim
Holz, Thorsten
Rieck, Konrad
Cryptography and Security
Autonomous agents based on large language models (LLMs) are rapidly emerging as a general-purpose technology, with recent systems such as OpenClaw extending their capabilities through broad tool use, third-party skills, and deeper integration into user environments. At the same time, these agentic systems introduce substantial security risks by combining unconstrained capabilities with access to sensitive user data. In this work, we investigate the security of LLM-based agents through the lens of operating systems. We argue that both face strikingly similar challenges in isolating resources, separating privileges, and mediating communication. Guided by this perspective, we survey the current landscape of open-source agents, derive a unified agent architecture, and systematically analyze potential attack vectors. To validate this analysis, we conduct a case study evaluating four widely used OpenClaw-like agents. Even under modest attacker capabilities, we find that several protection mechanisms fail in practice and that secure operation requires detailed system knowledge and careful configuration. However, we also observe that while some agentic capabilities remain insecure by design, many vulnerabilities can be mitigated using well-established techniques from operating system security. We conclude with a set of recommendations for the secure design of agentic systems.
title Toward Securing AI Agents Like Operating Systems
topic Cryptography and Security
url https://arxiv.org/abs/2605.14932