Securing AI Agents on Devices by 2025: Key Findings from the New Report

On July 28, during the World Artificial Intelligence Conference (WAIC), the China Academy of Information and Communications Technology (CAICT) hosted the “Large Model Shaping Global Industry New Order Forum,” where Shanghai AI Lab, CAICT, Ant Group, and the IIFAA Alliance jointly released the research report “Terminal Agent Security 2025.”

The report is the first systematic review of AI agent risk classification, detection, and mitigation, covering single‑agent devices, multi‑agent collaboration, and the full challenges of the AI‑terminal ecosystem, providing a risk‑assessment guide for terminal agent security.

By 2025, accelerated large‑model deployment will see agents permeating phones, glasses, earphones, car systems and becoming the key hub linking people, devices, and environments across industries such as life, industry, healthcare, and education. These agents operate on the edge rather than purely in the cloud.

The report notes that as models better understand users and automate actions, risk surfaces expand beyond simple data leakage to include model behavior manipulation, identity forgery, environmental perception deception, and deeper algorithmic‑ethics issues.

CAICT’s East China Division AI director Chang Yongbo emphasized the need for security measures as AI agents become the “next‑generation operating system.” The report proposes three protection pathways: single‑agent security, trustworthy multi‑agent interconnection, and AI‑terminal security, serving as a comprehensive, actionable guide.

The newly proposed “Terminal Agent Security System” includes single‑agent safeguards such as security railings, data detoxification, base alignment, and flexible management; multi‑agent trustworthy interconnection technologies like trusted data flow, trusted service flow, trusted identity authentication, and trusted memory sharing; and AI‑terminal security techniques such as trusted privacy sandboxes and cross‑device trusted connections, supporting applications like AI/AR glasses, smart‑phone assistants, and intelligent vehicles.

Trustworthy interconnection hinges on four dimensions—trusted connection, trusted authentication, trusted intent, and trusted authorization—acting as a “security guard” for the agent world, securing identity verification, data transmission, demand processing, and result traceability.

The IIFAA Alliance, a co‑publisher of the report, works to create cross‑agent security standards and a collaborative ecosystem. Its technical lead Wan Xiaofei stresses that no single company can build a trustworthy AI‑terminal framework alone; ecosystem co‑construction is essential. In April, IIFAA launched the industry’s first Agent Security Link (ASL) technology, built on protocols such as MCP, to ensure secure, trustworthy collaboration among agents regarding permissions, data, and privacy.