Author(s)

Yiang Gao ¹, Shanshan Wu ²

Affiliation(s)

¹ China Telecom Research Institute, Shanghai, 201315, China
² China Telecom, Beijing, 100033, China

Corresponding Author

Yiang Gao

ABSTRACT

As artificial intelligence advances from "dialogue intelligence" to "decision intelligence," AI agents built upon Large Language Models (LLMs) are becoming a crucial force driving transformation across industries. However, their autonomous capabilities in perception, decision-making, memory, and execution introduce systemic security risks far beyond traditional LLM vulnerabilities. This paper presents a four-layer security governance framework covering the full Perception–Decision–Memory–Execution lifecycle to mitigate risks such as multi-source perception failures, decision hallucination, memory poisoning, and malicious execution. By systematically mapping each lifecycle phase to security requirements and controls, this framework provides theoretically grounded and practically applicable guidance for the trustworthy and secure development of AI agents.

KEYWORDS

AI agents; Security governance; Prompt injection; Memory poisoning; Autonomous agents; LLM safety; Tool security

CITE THIS PAPER

Yiang Gao, Shanshan Wu, A Four-Layer Security Governance Framework for LLM-Based AI Agents. Journal of Artificial Intelligence Practice (2025) Vol. 8: 49-55. DOI: http://dx.doi.org/10.23977/jaip.2025.080406.

REFERENCES

[1] Z. Li, H. Wang, and M. Chen, "Security of LLM-based agents regarding attacks, defenses, and applications: A comprehensive survey," Information Fusion, vol. 110, pp. 1–25, Jan. 2026.
[2] J. Patel, R. Gupta, and S. Kumar, "Security concerns for Large Language Models: A survey," Journal of Information Security and Applications, vol. 85, pp. 103–118, Dec. 2025.
[3] M. Rodriguez, T. Johnson, and A. Lee, "SpAIware: Uncovering a novel artificial intelligence attack vector through persistent memory in LLM applications and agents," Future Generation Computer Systems, vol. 162, pp. 44–59, Feb. 2026.
[4] Y. Zhang, Q. Liu, and L. Sun, "A-MemGuard: A proactive defense framework for LLM-based agent memory," arXiv preprint arXiv: 2510.02373, Oct. 2025.
[5] H. Ren, X. Zhao, and P. Wang, "BlindGuard: Safeguarding LLM-based multi-agent systems under unknown attacks," arXiv preprint arXiv: 2508.08127, Aug. 2025.
[6] A. Smith, D. Torres, and K. Patel, "Agent Security Bench (ASB): Formalizing and benchmarking attacks and defenses in LLM-based agents," arXiv preprint arXiv: 2410.02644, Oct. 2024.

Sponsors, Associates, and Links

---

• Power Systems Computation
  
  
• Internet of Things (IoT) and Engineering Applications
  
  
• Computing, Performance and Communication Systems
  
  
• Advances in Computer, Signals and Systems
  
  
• Journal of Network Computing and Applications
  
  
• Journal of Web Systems and Applications
  
  
• Journal of Electrotechnology, Electrical Engineering and Management
  
  
• Journal of Wireless Sensors and Sensor Networks
  
  
• Journal of Image Processing Theory and Applications
  
  
• Mobile Computing and Networking
  
  
• Vehicle Power and Propulsion
  
  
• Frontiers in Computer Vision and Pattern Recognition
  
  
• Knowledge Discovery and Data Mining Letters
  
  
• Big Data Analysis and Cloud Computing
  
  
• Electrical Insulation and Dielectrics
  
  
• Crypto and Information Security
  
  
• Journal of Neural Information Processing
  
  
• Collaborative and Social Computing
  
  
• International Journal of Network and Communication Technology
  
  
• File and Storage Technologies
  
  
• Frontiers in Genetic and Evolutionary Computation
  
  
• Optical Network Design and Modeling
  
  
• Journal of Virtual Reality and Artificial Intelligence
  
  
• Natural Language Processing and Speech Recognition
  
  
• Journal of High-Voltage
  
  
• Programming Languages and Operating Systems
  
  
• Visual Communications and Image Processing
  
  
• Journal of Systems Analysis and Integration
  
  
• Knowledge Representation and Automated Reasoning
  
  
• Review of Information Display Techniques
  
  
• Data and Knowledge Engineering
  
  
• Journal of Database Systems
  
  
• Journal of Cluster and Grid Computing
  
  
• Cloud and Service-Oriented Computing
  
  
• Journal of Networking, Architecture and Storage
  
  
• Journal of Software Engineering and Metrics
  
  
• Visualization Techniques
  
  
• Journal of Parallel and Distributed Processing
  
  
• Journal of Modeling, Analysis and Simulation
  
  
• Journal of Privacy, Trust and Security
  
  
• Journal of Cognitive Informatics and Cognitive Computing
  
  
• Lecture Notes on Wireless Networks and Communications
  
  
• International Journal of Computer and Communications Security
  
  
• Journal of Multimedia Techniques
  
  
• Automation and Machine Learning
  
  
• Computational Linguistics Letters
  
  
• Journal of Computer Architecture and Design
  
  
• Journal of Ubiquitous and Future Networks