TL;DR
Lancaster University researchers analyzed 9,100 AI security studies for the UK government, revealing critical blind spots in agentic AI security research as new models accelerate deployment.
A government-commissioned review of AI security literature has uncovered significant gaps in protecting next-generation artificial intelligence systems, with Lancaster University researchers identifying critical vulnerabilities as agentic AI models proliferate across industries. The team analyzed over 9,100 peer-reviewed sources since 2020 using data-driven techniques, revealing five key areas where security research lags behind technological advancement. Their findings underscore that securing AI extends beyond model integrity to encompass entire system lifecycles, a reality growing more urgent as AI adoption accelerates globally.
The review, led by Professor Nick Race and Dr. Edward Austin at Lancaster's School of Computing and Communications, was commissioned by the UK's Department for Science, Innovation and Technology to guide national research priorities. Agentic AI systems—autonomous models capable of independent decision-making—emerged as the most under-researched threat vector, with security protocols struggling to keep pace with capabilities. The team's analysis quantified gaps in adversarial robustness, supply chain integrity, and cross-system interaction security, areas critical for deploying AI in high-stakes domains like healthcare and finance.
The findings arrive amid a surge in AI model releases, with new systems like OpenAI's GPT-5.6 family and Anthropic's Claude Sonnet 5 pushing boundaries in reasoning and cost efficiency. These models, often deployed in autonomous agents, introduce attack surfaces previously unaddressed in security literature. For instance, while traditional AI security focuses on input manipulation or model extraction, agentic systems face novel threats from prompt injection, tool misuse, and emergent behavior exploitation—all areas with sparse academic coverage according to the review.
The research highlights that current security frameworks inadequately address the dynamic nature of AI systems. Unlike static software, AI models evolve through continuous learning and interaction, creating vulnerabilities that shift during deployment. The team found that only 12% of security studies examined post-deployment risks, despite agentic systems increasingly operating in open environments. This gap is particularly concerning for applications in medicine or autonomous vehicles, where delayed threat detection could have life-or-death consequences.
Historically, AI security has focused on model-level defenses, but the rise of agentic architectures demands a paradigm shift. The review notes parallels to early cybersecurity challenges in the 1990s, where perimeter-based defenses failed against evolving threats. Just as network security evolved to embrace zero-trust models, AI security now requires lifecycle-centric approaches integrating pre-deployment testing, runtime monitoring, and adaptive response mechanisms. The team recommends prioritizing research into AI-specific attack surfaces, including multi-agent coordination exploits and data poisoning in federated learning setups.
The implications extend beyond academia. As AI becomes embedded in critical infrastructure, the identified gaps could enable sophisticated attacks targeting decision-making pipelines rather than individual models. For example, an adversary might exploit weak supply chain security to introduce backdoors during model training, or manipulate agentic systems through carefully crafted environmental inputs. The review stresses that addressing these issues requires collaboration between researchers, policymakers, and industry—a need underscored by recent investments like Anthropic's $10 million CAD commitment to Canadian AI safety research.
The convergence of rapid AI advancement and lagging security research creates a paradox: systems capable of autonomous action are being deployed without robust safeguards against their unique failure modes. As Lancaster's team notes, the window for proactive research is narrowing. Will the AI community prioritize security as a foundational element rather than an afterthought before the next generation of agentic systems becomes ubiquitous?
FAQ
What are the five key AI security research gaps identified by Lancaster researchers?
The review highlights deficiencies in agentic AI threat modeling, adversarial robustness for autonomous systems, supply chain security for AI components, cross-system interaction vulnerabilities, and post-deployment monitoring frameworks.
How many AI security papers did Lancaster analyze for this study?
The team reviewed over 9,100 peer-reviewed sources published between 2020 and 2026 using automated theme extraction and gap quantification methods.
Why are agentic AI systems particularly vulnerable according to the research?
Agentic systems introduce novel attack surfaces through autonomous decision-making, tool usage, and environmental interaction—capabilities that outpace existing security paradigms designed for static models.
What recommendations did Lancaster make for addressing AI security gaps?
The researchers advocate for lifecycle-centric security frameworks, increased funding for AI-specific threat research, and cross-sector collaboration between academia, industry, and policymakers to develop adaptive defense mechanisms.
About the Author
Guilherme A.
Former dentist (MD) from Brazil, 41 years old, husband, and AI enthusiast. In 2020, he transitioned from a decade-long career in dentistry to pursue his passion for technology, entrepreneurship, and helping others grow.
Connect on LinkedIn