Skip to main content
TopAIThreats home TOP AI THREATS
AI Capability

Agent Framework

A software library or platform that provides the infrastructure for building AI agents — autonomous systems that use large language models to reason, plan, and execute multi-step tasks by invoking tools, managing memory, and coordinating with other agents. Common examples include LangChain, AutoGen, CrewAI, and the OpenAI Agents SDK.

Agentic Systems

Definition

An agent framework is a software development toolkit that provides the scaffolding for building AI agents: systems that use LLMs as reasoning engines to plan and execute multi-step tasks. Agent frameworks typically provide: tool integration (connecting the LLM to external APIs, databases, and code execution), memory management (maintaining context across interactions and sessions), orchestration logic (managing the loop of reasoning → action → observation), and multi-agent coordination (enabling multiple agents to collaborate or delegate tasks). The framework abstracts away the low-level implementation details of agentic behaviour, allowing developers to focus on defining agent capabilities, tool access, and task objectives.

How It Relates to AI Threats

Agent frameworks are a key enabler and amplifier of threats within the Agentic and Autonomous Threats domain. The security properties of an agentic AI system depend heavily on how the framework handles tool permissions, input validation, memory isolation, and inter-agent communication. Vulnerabilities in agent frameworks — insecure default configurations, insufficient tool-calling validation, overly permissive memory sharing — propagate to every application built on them. A vulnerability in a popular agent framework can affect thousands of deployed AI agents simultaneously, creating systemic risk analogous to software supply chain vulnerabilities.

Why It Occurs

  • Building agentic AI systems from scratch is complex, creating demand for reusable frameworks
  • The rapid growth of LLM capabilities has driven a proliferation of framework options (LangChain, LlamaIndex, AutoGen, CrewAI, Semantic Kernel, OpenAI Agents SDK)
  • Open-source availability accelerates adoption but also exposes framework vulnerabilities to adversarial analysis
  • The competitive pressure to add features (more tool types, more agent coordination patterns) often outpaces security hardening
  • Framework abstractions can obscure the security implications of agent configurations from developers

Real-World Context

Agent frameworks power a growing share of production AI applications, from customer service automation to software engineering assistants to enterprise workflow agents. Security researchers have demonstrated vulnerabilities in multiple popular frameworks, including prompt injection propagation through agent chains, insecure default tool permissions, and memory poisoning attacks that persist across sessions. The OWASP Top 10 for LLM Applications addresses framework-level risks under LLM07 (Insecure Plugin Design) and LLM08 (Excessive Agency). Best practices include framework-level input validation, least-privilege tool configuration, and audit logging of all agent actions.

Related Threat Patterns

Prompt Injection Attack Security & Cyber

Related Terms

Agentic AI Function Calling Model Context Protocol Multi-Agent System
← Back to Glossary → Taxonomy → All Domains

Last updated: 2026-04-03