AgentWard: A Lifecycle Security Architecture for Autonomous AI Agents
For developers and deployers of autonomous AI agents, this provides a structured blueprint for runtime security, though it is an architectural proposal without empirical security evaluation.
AgentWard proposes a lifecycle-oriented security architecture for autonomous AI agents that organizes protection across five stages (initialization, input processing, memory, decision-making, execution) with cross-layer coordination. The prototype on OpenClaw demonstrates practical feasibility.
Autonomous AI agents extend large language models into full runtime systems that load skills, ingest external content, maintain memory, plan multi-step actions, and invoke privileged tools. In such systems, security failures rarely remain confined to a single interface; instead, they can propagate across initialization, input processing, memory, decision-making, and execution, often becoming apparent only when harmful effects materialize in the environment. This paper presents AgentWard, a lifecycle-oriented, defense-in-depth architecture that systematically organizes protection across these five stages. AgentWard integrates stage-specific, heterogeneous controls with cross-layer coordination, enabling threats to be intercepted along their propagation paths while safeguarding critical assets. We detail the design rationale and architecture of five coordinated protection layers, and implement a plugin-native prototype on OpenClaw to demonstrate practical feasibility. This perspective provides a concrete blueprint for structuring runtime security controls, managing trust propagation, and enforcing execution containment in autonomous AI agents. Our code is available at https://github.com/FIND-Lab/AgentWard .