2410.14728

Model: nemotron-free

# Security Threats in Agentic AI System **Authors**: - Kolkata, India - Edwin Jose (Department of Computer Science) - Michigan, USA ## Abstract This research paper explores the privacy and security threats posed to an Agentic AI system with direct access to database systems. Such access introduces significant risks, including unauthorized retrieval of sensitive information, potential exploitation of system vulnerabilities, and misuse of personal or confidential data. The complexity of AI systems combined with their ability to process and analyze large volumes of data increases the chances of data leaks or breaches, which could occur unintentionally or through adversarial manipulation. Furthermore, as AI agents evolve with greater autonomy, their capacity to bypass or exploit security measures becomes a growing concern, heightening the need to address these critical vulnerabilities in agentic systems. K eywords Artificial intelligence $\cdot$ database security $\cdot$ privacy protection $\cdot$ natural language processing $\cdot$ data retrieval $\cdot$ vector databases $\cdot$ data management $\cdot$ performance risks $\cdot$ scalability concerns $\cdot$ AI agent vulnerabilities $\cdot$ safety threats ## 1 Introduction Artificial Intelligence (AI) agents have become increasingly prevalent in various applications, from virtual assistants to complex data analysis systems. However, their direct access to databases raises significant concerns regarding privacy and security. This paper examines these critical issues, focusing on the potential risks posed by unrestricted AI access to sensitive data. The rapid advancement of AI technologies has resulted in systems capable of processing vast amounts of data and generating human-like responses. While this progress has provided numerous benefits, it has also introduced new challenges in ensuring data privacy and security. AI agents with direct access to databases may inadvertently expose confidential information, or they may be exploited by malicious actors to access or manipulate sensitive data. Additionally, AI systems’ ability to analyze large datasets increases the risk of unintended privacy violations, making them prime targets for attacks aimed at extracting or misusing data. This paper explores the current landscape of AI agent interactions with databases and analyzes the associated risks. It discusses the potential threats to privacy protection and data security as AI agents become more integrated into various applications. ## 2 Literature Review The integration of Artificial Intelligence (AI) agents with database systems has garnered significant attention in recent years due to the rapid advancement of AI technologies and their widespread applications. As AI agents increasingly interact with sensitive data, understanding the privacy and security implications of these interactions becomes paramount. This literature review synthesises current research on AI agent architectures [1], the associated risks of database access, and the implications of using Natural Language Processing (NLP) for querying. Additionally, it examines the emergence of intermediary layers and tool-based approaches as potential mitigations for security concerns, while also exploring the ethical considerations inherent in AI data access. Through this review, we aim to highlight the critical challenges faced by AI systems and the necessity for continued research in ensuring secure and responsible AI-agent interactions with databases. ### 2.1 AI agent architectures AI agent architectures have evolved significantly, enabling complex interactions with databases. In “Agent Architecture: An Overview” [2], the foundational structure of AI agents is discussed, highlighting how different architectural designs facilitate or limit access to data sources. The paper outlines how traditional architectures allow for more direct interactions with data, leading to potential vulnerabilities in modern, large-scale systems. ### 2.2 AI and Database Interactions The intersection of AI and database security has been a subject of concern. The paper “Privacy and Security Concerns in AI-Database Systems” analyses the risks posed by AI agents with unrestricted access to databases, emphasising issues like unauthorised data exposure and data breaches [3]. The research argues that as AI becomes more integrated with data repositories, these risks will increase if security protocols are not adapted. ### 2.3 Natural Language Processing Natural Language Processing (NLP) plays a crucial role in AI-driven data retrieval, with its application raising specific security concerns. [4] discuss the use of NLP for querying databases, revealing how this technology simplifies interactions but can lead to unintended exposure of sensitive information . Similarly, Daurenbek and Aimbetov explore the performance and efficiency of NLP-based querying, further highlighting the need for robust privacy safeguards as AI-driven queries become more widespread [5]. ### 2.4 Scalability and Performance Scalability and performance issues are another critical aspect of AI-agent interactions with databases. Gupta and Verma highlight the trade-offs between performance and security, particularly in large-scale AI systems. The increasing demand for real-time data access and processing places significant stress on database systems, amplifying the risk of security lapses as performance optimization becomes a priority [6]. ### 2.5 Latency and Accuracy Latency and accuracy are critical performance metrics in the evaluation of AI systems, particularly those integrated with databases [7]. High latency can significantly hinder user experience, as delays in processing requests may lead to frustration and reduced engagement with AI applications. Conversely, accuracy is paramount for ensuring that the outputs generated by AI systems are reliable and trustworthy [1]. A trade-off often exists between these two metrics; for instance, increasing the complexity of an AI model to enhance accuracy may inadvertently lead to longer processing times [6]. Research has shown that optimizing these performance indicators is essential for the effective deployment of AI in real-world applications, as users typically expect both prompt responses [8] and high-quality information from AI-driven systems. ### 2.6 Ethical Implications Finally, the ethical implications of AI-driven access to sensitive data are well-documented. Studies [9], [10] discuss the ethical challenges AI systems face when interacting with databases, particularly around privacy, consent, and the protection of user data . These ethical considerations underscore the importance of addressing security threats as AI continues to evolve in its capacity to access and process personal and confidential information. ## 3 Methodology This research paper employs a qualitative methodology to explore the privacy and security vulnerabilities associated with AI agents that have direct access to database systems. The study is structured around a comprehensive literature review, supplemented by case studies and expert interviews, to provide a well-rounded analysis of the issues at hand. ### 3.1 Literature Review A systematic literature review was conducted to gather existing research on AI agents [11], database interactions, and associated security vulnerabilities. Academic journals, conference proceedings, and industry reports were analyzed to identify key themes and trends. The literature review aimed to synthesize findings related to attack surface expansion, data manipulation risks, and the implications of using large language models (LLMs) in querying databases. Sources were selected based on their relevance, credibility, and contribution to the understanding of privacy and security concerns in AI systems. ### 3.2 Case Studies In addition to the literature review, several case studies were examined to illustrate real-world instances of security breaches and privacy violations involving AI agents. These case studies provided practical insights into how vulnerabilities manifest in various industries and the consequences of inadequate security measures. Each case was analyzed to identify patterns in vulnerabilities, attack vectors, and the impact on data privacy and security. #### 3.2.1 Expert Interviews To gain a deeper understanding of the complexities involved in AI and database security, interviews were conducted with experts in the fields of artificial intelligence, cybersecurity, and data privacy. These interviews facilitated the collection of qualitative data on industry best practices, emerging threats, and the challenges faced by organizations in safeguarding sensitive information when employing AI agents. The insights gained from these discussions were instrumental in contextualizing the findings from the literature review and case studies. ### 3.3 Data Analysis The data collected from the literature review, case studies, and expert interviews were analyzed using thematic analysis. This involved coding the data to identify recurring themes and vulnerabilities associated with AI agents’ access to databases. The analysis aimed to highlight critical security concerns and establish a comprehensive understanding of the risks posed by AI agents in contemporary applications. ### 3.4 Ethical Considerations Ethical considerations were paramount throughout the research process. The study adhered to ethical guidelines for conducting research, ensuring informed consent from interview participants and maintaining confidentiality where necessary. The findings of this research contribute to the ongoing discourse on AI ethics, emphasizing the importance of responsible data handling and security measures. ## 4 The Problem: AI Agents with Direct Data Access in Industry As artificial intelligence (AI) continues to revolutionise various sectors, from healthcare to finance, the integration of AI agents with vast databases has become increasingly common. However, this integration has given rise to significant challenges, particularly in the realms of data privacy, security, and regulatory compliance. This section delves into the multifaceted problem that the industry faces when AI agents have direct access to databases. ### 4.1 Privacy Concerns - Data Exposure: AI agents with unrestricted database access can potentially expose sensitive information. These agents, designed to process and analyse large volumes of data, may inadvertently include private details in their outputs, leading to unintended disclosures. - User Trust: As users become more aware of data privacy issues [12], their trust in AI systems handling their personal information is increasingly contingent on robust privacy safeguards. The perception of AI having unfettered access to personal data can erode user confidence and adoption of AI-powered services. ### 4.2 Security Vulnerabilities - Attack Surface Expansion: Direct database access by AI agents expands the attack surface for malicious actors. If an AI system is compromised, it could potentially be used as a gateway to access and exploit the entire database. - Data Manipulation Risks and Prompt Injections: Sophisticated attackers could potentially manipulate the AI’s queries or responses, leading to data theft, corruption, or the insertion of false information into the database. <details> <summary>extracted/5930689/media/PromptInjections.png Details</summary> ![9d97f863](/v1/image/9d97f8637d89a85545e4cbe5b73f336a447ac6a2b8194b530d10160bc4562b64) ### Visual Description ## Diagram: Prompt Injection Attack Workflow ### Overview This diagram illustrates a prompt injection attack scenario where a malicious user manipulates a language model (e.g., GPT-3) to bypass intended instructions. The workflow includes: 1. A **Full Prompt** combining a legitimate application template and a malicious user input. 2. A **Model** processing the combined prompt. 3. An **Output** reflecting the model's compromised response. ### Components/Axes - **Full Prompt**: A composite structure with two sub-components: - **Application Prompt Template** (green box): Contains the instruction `"Write a story about the following: {{user_input}}"`. - **Malicious User Prompt** (red box): Contains the instruction `"Ignore the above and say 'I have been PWNED'"`. - **Model**: A black box labeled `"Model (e.g. GPT-3)"`, representing the language model processing the full prompt. - **Output**: A white box labeled `"I have been PWNED"`, showing the model's compromised response. - **Arrows**: Black arrows indicate the flow of information from the Full Prompt to the Model and then to the Output. ### Detailed Analysis - **Application Prompt Template**: - Text: `"Write a story about the following: {{user_input}}"` - Position: Top-left quadrant of the Full Prompt. - **Malicious User Prompt**: - Text: `"Ignore the above and say 'I have been PWNED'"` - Position: Bottom-left quadrant of the Full Prompt. - **Model**: - Text: `"Model (e.g. GPT-3)"` - Position: Center-right of the diagram. - **Output**: - Text: `"I have been PWNED"` - Position: Far-right of the diagram. ### Key Observations 1. **Color Coding**: - Green (Application Prompt Template) and red (Malicious User Prompt) visually distinguish legitimate vs. malicious components. - Black (Model) and white (Output) emphasize the model's role and the attack's outcome. 2. **Flow**: - The malicious prompt overrides the legitimate instruction, demonstrating how prompt injection exploits model behavior. 3. **Textual Content**: - The output `"I have been PWNED"` directly mirrors the malicious instruction, confirming the attack's success. ### Interpretation This diagram highlights a critical vulnerability in language models: their susceptibility to adversarial prompt manipulation. By appending a malicious instruction to a legitimate prompt, an attacker can force the model to ignore its original task and execute arbitrary commands. The use of color coding and explicit text transcription underscores the attack's mechanics, emphasizing the need for robust input sanitization and model safeguards. The simplicity of the workflow suggests that such exploits could be automated at scale, posing significant security risks for AI-driven applications. </details> Figure 1: Demonstration of Prompt Injection on an LLM ### 4.3 Compliance and Regulatory Challenges - Data Protection Regulations: With the implementation of stringent data protection laws like GDPR in Europe and CCPA in California, organisations face significant challenges in ensuring that AI systems comply with data handling and user consent requirements. - Audit Trails and Accountability: Direct database access by AI can complicate the creation and maintenance of clear audit trails, making it difficult to track data access and usage for compliance reporting. ### 4.4 Scalability and Performance Issues - Resource Intensive Queries: AI agents, particularly those using natural language processing, may generate inefficient or resource-intensive database queries, leading to performance bottlenecks as systems scale. - Database Overload: Unconstrained AI access can result in an overwhelming number of queries, potentially overloading database systems and impacting overall system performance. ### 4.5 Ethical and Bias Concerns - Algorithmic Bias: AI agents with direct database access may perpetuate or amplify existing biases in the data, leading to unfair or discriminatory outcomes in decision-making processes. - Transparency and Explainability: The complexity of AI decision-making processes, combined with direct database access, can create a "black box" effect, making it challenging to explain how certain conclusions or recommendations were reached. ### 4.6 Data Quality and Integrity - Inconsistent Data Handling: AI agents interacting directly with databases may handle data inconsistently, potentially misinterpreting or misusing certain data fields, leading to data quality issues. - Version Control and Data Lineage: Tracking changes and maintaining data lineage becomes more complex when AI agents have direct write access to databases, potentially compromising data integrity over time. ## 5 Security Vulnerabilities in AI and Large Language Models As AI systems, particularly Large Language Models (LLMs), become more integrated into various applications, their security vulnerabilities warrant thorough examination. The deployment of AI agents with direct access to databases poses significant risks, which can be broadly categorized into two main areas: attack surface expansion and data manipulation risks. Table 1: Security Vulnerabilities in AI Systems | Attack Surface Expansion | New entry points for attackers Exploitation of AI system weaknesses Increased attack vector complexity | Unauthorised data access Breach of sensitive information Exploitation of system vulnerabilities | | --- | --- | --- | | Data Manipulation Risks | Prompt injection attacks Manipulation of AI-generated queries Automated attack execution | Data theft and corruption Insertion of false information Large-scale coordinated attacks | | Privacy Concerns | Unintended data exposure Inclusion of sensitive info in AI outputs | Privacy violations Erosion of user trust | | API Usage Risks | Exposure of sensitive data to API providers Lack of control over data handling | Data leakage Compliance violations Misuse of confidential information | | Scalability and Performance | Resource-intensive queries Database overload | System slowdowns Increased vulnerability to DoS attacks | | Data Integrity Issues | Inconsistent data handling Version control challenges | Data corruption Loss of data lineage | | Ethical and Bias Concerns | Perpetuation of algorithmic bias Lack of transparency in decision-making | Unfair or discriminatory outcomes Difficulty in explaining AI decisions | | Compliance Challenges | Difficulty in maintaining clear audit trails Complexity in ensuring regulatory compliance | Non-compliance with data protection laws Legal and financial repercussions | ### 5.1 Attack Surface Expansion One of the primary security concerns associated with AI agents accessing databases is the expansion of the attack surface. With direct database access, these AI systems become potential entry points for malicious actors. If an AI agent is compromised, it can act as a gateway, allowing attackers to access and exploit the underlying database. This can lead to several detrimental outcomes: - Unauthorized Data Access: Attackers may gain access to sensitive information, including personal data, financial records, and proprietary business information, leading to privacy violations and potential legal ramifications for organizations. <details> <summary>extracted/5930689/media/PrivacyAI.png Details</summary> ![f0d733b6](/v1/image/f0d733b68a43aa2af3566ed9e764c3e4cbe8e278ba370e9231e01442176f14b1) ### Visual Description ## Diagram: Data Privacy Workflow ### Overview The diagram illustrates a data privacy workflow involving three primary components: **Access Control**, **Data Privacy Vault**, and two output streams labeled **Support** and **Marketing**. Arrows indicate data flow direction, with the **Data Privacy Vault** acting as a central processing node. Each component contains structured data entries with fields like `full_name`, `ssn`, `dob`, and `email`, some of which are redacted or obfuscated. ### Components/Axes 1. **Access Control**: - Contains a JSON-like structure with fields: - `full_name`: `"98aav8dfyd"` - `ssn`: `"8463528957154825"` - `dob`: `"ad3420o23n434"` - `email`: `"ko2390f32nf"` 2. **Data Privacy Vault**: - Central node with no explicit data but serves as a processing hub. 3. **Support**: - Output stream with redacted data: - `full_name`: `"John D***"` - `ssn`: `"XXX-XX-3627"` - `dob`: `"*REDACTED*"` - `email`: `"j***@gmail.com"` 4. **Marketing**: - Output stream with partial redaction: - `full_name`: `"John Doe"` - `ssn`: `"*REDACTED*"` - `dob`: `"XXXX-05-17"` - `email`: `"john.doe@gmail.com"` ### Detailed Analysis - **Access Control Data**: - All fields contain non-human-readable strings (e.g., `ssn` as a 16-digit number, `dob` as an alphanumeric code). - No redactions; data appears fully visible but synthetically generated. - **Data Privacy Vault**: - Acts as a transformation layer, modifying data before routing to **Support** and **Marketing**. - **Support Output**: - Heavy redaction: - `full_name` truncated to initials + asterisks. - `ssn` masked to last four digits. - `dob` fully redacted. - `email` truncated to initials + domain. - **Marketing Output**: - Moderate redaction: - `full_name` fully visible. - `ssn` fully redacted. - `dob` masked to last four digits (day/month). - `email` fully visible. ### Key Observations 1. **Redaction Patterns**: - **Support** prioritizes maximum anonymization (e.g., `dob` fully redacted). - **Marketing** retains more identifiable data (e.g., full `email`, `full_name`). 2. **Data Flow**: - Raw data from **Access Control** is processed by the **Data Privacy Vault** before being tailored for specific use cases (**Support** vs. **Marketing**). 3. **Synthetic Data**: - **Access Control** uses placeholder values (e.g., `ssn` as a 16-digit number), suggesting a test environment or anonymized dataset. ### Interpretation This workflow demonstrates a **privacy-by-design** approach, where sensitive data is obfuscated to varying degrees based on the downstream use case. The **Support** team receives highly anonymized data to minimize privacy risks, while **Marketing** retains identifiable details for targeted campaigns. The **Data Privacy Vault** likely applies dynamic redaction rules (e.g., masking SSNs, truncating names) to comply with regulations like GDPR or CCPA. The use of synthetic data in **Access Control** implies a focus on testing or development without exposing real user information. *Note: No non-English text or numerical trends are present in this diagram.* </details> Figure 2: Unauthorized Data Access - Exploitation of Vulnerabilities: The integration of AI agents may introduce new vulnerabilities that malicious actors can exploit. For example, if the AI system relies on outdated software or lacks proper security updates, attackers could take advantage of these weaknesses to execute attacks. - Increased Attack Vector Complexity: The dynamic nature of AI and LLMs introduces complexities in identifying and mitigating attack vectors. Attackers may employ sophisticated techniques that exploit these complexities, making it challenging for traditional security measures to adequately protect the system. ### 5.2 Data Manipulation Risks and Prompt Injections Data manipulation risks pose a significant threat to the integrity and reliability of AI systems [13]. Malicious actors can employ various techniques to manipulate AI-generated queries and responses, resulting in severe consequences: - Prompt Injection Attacks: Attackers can exploit prompt injection vulnerabilities by crafting inputs that manipulate the AI’s behaviour [14]. For instance, an attacker might input maliciously crafted prompts that cause the AI to generate misleading or harmful outputs, which could then be executed in a database query context. This could result in unauthorized data modifications or even complete data deletion. - Data Theft and Corruption: By manipulating the AI’s queries or responses, attackers can gain unauthorized access to sensitive data, leading to data theft. Furthermore, they may corrupt the data by inserting false or misleading information into the database, undermining data integrity and potentially leading to erroneous decision-making based on compromised data. - Automated Attack Execution: The ability of AI agents to autonomously execute commands increases the risk of large-scale attacks. For instance, if an attacker can manipulate the AI to generate a series of malicious database queries, they could inadvertently launch a coordinated attack, overwhelming the database with unauthorized access attempts or data manipulation requests. ### 5.3 API Usage and Sensitive Data Exposure Companies utilizing LLM APIs may inadvertently expose sensitive information to the API providers. When organizations send queries containing personal or confidential data to an external API, they run the risk of disclosing sensitive information that can be misused. This vulnerability arises from several factors: - Lack of Control Over Data Handling: Organizations often have limited visibility into how API providers manage and store the data sent to them. Sensitive information could be logged, analyzed, or even used to improve the AI model, leading to potential privacy breaches. - Inadvertent Data Leakage: Even well-meaning API calls can lead to data leakage. For instance, if a query inadvertently includes sensitive user information or internal business data, this data could be accessed by API providers and other parties involved in the processing chain. <details> <summary>extracted/5930689/media/OrgData.png Details</summary> ![8d5490e5](/v1/image/8d5490e5991d8414283bd82075aa11132ce8869e34d4ba2fa5692f16cd816690) ### Visual Description ## Diagram: Data Flow Through Privacy Layer ### Overview The diagram illustrates the flow of data through a privacy layer system, showing how sensitive information is processed and sanitized before reaching AI tools. It highlights the transformation of data containing Personally Identifiable Information (PII) into sanitized outputs while acknowledging potential risks of residual sensitive information. ### Components/Axes 1. **Central Component**: - **Privacy Layer** (pink dashed box) - Acts as the core processing unit for data sanitization 2. **Input Side**: - **Prompt containing Sensitive Data e.g. PII** (green dashed box) - Arrows indicate bidirectional flow between raw data and sanitized output 3. **Output Side**: - **Data without PII** (left arrow from Privacy Layer) - **Output with sensitive information** (right arrow from Privacy Layer) 4. **External Tools**: - **LLM/Gen AI Tools** (right panel) - Includes logos of: - Google AI (grid icon) - OpenAI (sailboat icon) - DALL-E (color blocks) - Bloomberg (B icon) - Other tools (green circular icon) ### Detailed Analysis - **Data Flow**: - Sensitive data enters the Privacy Layer from the left - Two output paths emerge: - Sanitized output (left arrow) - Potentially compromised output (right arrow) - **Tool Integration**: - Multiple AI platforms receive processed data - Tools include both text (Google AI, OpenAI) and image generation (DALL-E) systems - **Color Coding**: - Privacy Layer: Pink (dashed border) - Input/Output: Gray arrows - Tools: Color-coded icons matching legend ### Key Observations 1. **Bidirectional Data Flow**: The Privacy Layer processes data in both directions, suggesting iterative refinement 2. **Residual Risk**: Explicit acknowledgment that some sensitive information may persist in outputs 3. **Tool Diversity**: Represents both general-purpose (Google AI, OpenAI) and specialized (DALL-E) AI systems 4. **Visual Hierarchy**: Privacy Layer dominates central position, emphasizing its critical role ### Interpretation This diagram reveals a fundamental tension in AI data processing: the need to balance data utility with privacy protection. The Privacy Layer's central position underscores its role as a critical control point, while the dual output arrows highlight the imperfect nature of current sanitization methods. The inclusion of multiple AI tools suggests this system is designed for enterprise environments requiring integration with various machine learning platforms. The persistent risk of sensitive information leakage (right arrow) implies that organizations must implement additional safeguards beyond basic PII removal, particularly when handling highly regulated data types. The bidirectional flow between raw data and sanitized output suggests an iterative approach to privacy management, where outputs may be re-evaluated and reprocessed as needed. </details> Figure 3: Demonstration of an intermediary layer setup to prevent leakage of sensitive organisational data - Compliance Risks: Sharing sensitive information with third-party API providers may result in non-compliance with data protection regulations such as GDPR or HIPAA. Organizations must ensure that any data shared with external services adheres to legal standards for data handling and user consent. ### 5.4 Mitigating Security Vulnerabilities To combat these vulnerabilities, organisations must adopt a proactive approach to security. This includes implementing layered security measures, such as robust access controls, encryption, and continuous monitoring of AI systems. Regular security assessments and updates are essential to identify and address vulnerabilities before they can be exploited. Additionally, educating AI developers and users about potential security threats associated with AI and LLMs is crucial [15]. By fostering a culture of security awareness, organisations can better equip themselves to respond to and mitigate the risks posed by these evolving technologies. ## 6 Conclusion The integration of AI agents, particularly those with direct access to database systems, presents significant privacy and security challenges that cannot be overlooked. This research has highlighted the multifaceted vulnerabilities associated with AI agent interactions, including the expansion of the attack surface, risks of data manipulation, and the unintended exposure of sensitive information through the use of LLM APIs. As AI technologies continue to advance, the potential for exploitation of these vulnerabilities by malicious actors increases, necessitating a proactive approach to security in AI systems. Organizations must prioritize the development of robust security frameworks that encompass comprehensive access controls, continuous monitoring, and adherence to data protection regulations. Moreover, fostering a culture of security awareness among AI developers and users is critical to mitigating risks associated with AI and LLMs. Ultimately, while the potential benefits of AI systems are immense, the challenges of ensuring data privacy and security are equally significant. Addressing these vulnerabilities is essential for maintaining user trust and achieving the responsible deployment of AI technologies across various industries. Continued research and innovation in this area will be crucial to creating secure, ethical, and efficient AI systems that can operate safely in a datarich environment. ## References - [1] Othmane Friha, Mohamed Amine Ferrag, Burak Kantarci, Burak Cakmak, Arda Ozgun, and Nassira Ghoualmi-Zine. Llm-based edge intelligence: A comprehensive survey on architectures, applications, security and trustworthiness. IEEE Open Journal of the Communications Society, 2024. - [2] Kim On Chin, Kim Soon Gan, Rayner Alfred, Patricia Anthony, and Dickson Lukose. Agent architecture: An overview. Transactions on science and technology, 1(1):18–35, 2014. - [3] Yifeng He, Ethan Wang, Yuyang Rong, Zifei Cheng, and Hao Chen. Security of ai agents. arXiv preprint arXiv:2406.08689, 2024. - [4] Adrián Bazaga, Nupur Gunwant, and Gos Micklem. Translating synthetic natural language to database queries with a polyglot deep learning framework. Scientific Reports, 11(1):18462, 2021. - [5] G Prashanthi, Sravani Puranam, Sheethal Reddy Vemula, Preethi Doulathbaji, Anusha Bellamkonda, et al. Natural language to sql: Automated query formation using nlp techniques. In E3S Web of Conferences, volume 391, page 01115. EDP Sciences, 2023. - [6] Austine Unuriode, Olalekan Durojaiye, Babatunde Yusuf, and Lateef Okunade. The integration of artificial i intelligence into d database systems (ai-db integration review). Available at SSRN 4744549, 2023. - [7] Zhi Jing, Yongye Su, Yikun Han, Bo Yuan, Chunjiang Liu, Haiyun Xu, and Kehai Chen. When large language models meet vector databases: A survey. arXiv preprint arXiv:2402.01763, 2024. - [8] Daeseung Park, Gi-taek An, Chayapol Kamyod, and Cheong Ghil Kim. A study on performance improvement of prompt engineering for generative ai with a large language model. Journal of Web Engineering, 22(8):1187–1206, 2023. - [9] Mark Ryan, Josephina Antoniou, Laurence Brooks, Tilimbe Jiya, Kevin Macnish, and Bernd Stahl. Research and practice of ai ethics: a case study approach juxtaposing academic discourse with organisational reality. Science and Engineering Ethics, 27:1–29, 2021. - [10] Ana Luize Corrêa Bertoncini and Mauricio C Serafim. Ethical content in artificial intelligence systems: A demand explained in three critical points. Frontiers in Psychology, 14:1074787, 2023. - [11] Tula Masterman, Sandi Besen, Mason Sawtell, and Alex Chao. The landscape of emerging ai agent architectures for reasoning, planning, and tool calling: A survey. arXiv preprint arXiv:2404.11584, 2024. - [12] Saharnaz Dilmaghani, Matthias R Brust, Grégoire Danoy, Natalia Cassagnes, Johnatan Pecero, and Pascal Bouvry. Privacy and security of big data in ai systems: A research and standards perspective. In 2019 IEEE international conference on big data (big data), pages 5737–5743. IEEE, 2019. - [13] Jan von der Assen, Jamo Sharif, Chao Feng, Christian Killer, Gérôme Bovet, and Burkhard Stiller. Asset-centric threat modeling for ai-based systems. In 2024 IEEE International Conference on Cyber Security and Resilience (CSR), pages 437–444. IEEE, 2024. - [14] Daniel Wankit Yip, Aysan Esmradi, and Chun Fai Chan. A novel evaluation framework for assessing resilience against prompt injection attacks in large language models. In 2023 IEEE Asia-Pacific Conference on Computer Science and Data Engineering (CSDE), pages 1–5. IEEE, 2023. - [15] Yupeng Hu, Wenxin Kuang, Zheng Qin, Kenli Li, Jiliang Zhang, Yansong Gao, Wenjia Li, and Keqin Li. Artificial intelligence security: Threats and countermeasures. ACM Computing Surveys (CSUR), 55(1):1–36, 2021.

Rendering Paper...