🤖 AI Summary
Large language model–driven autonomous agents pose systemic security and reliability risks in building an “Internet of Agents” (IoA).
Method: We propose the first security-by-design, three-tiered risk identification and mitigation framework—spanning single-agent, multi-agent, and interoperability levels—grounded in bottom-up component decomposition and structured threat modeling, rather than treating security as an after-the-fact add-on.
Contribution/Results: Our framework systematically uncovers critical vulnerabilities—including dual-use interfaces—at each tier and derives corresponding architectural mitigation principles. It delivers an engineering-grade foundational framework that provides reusable, scalable, and systematic design guidelines for trustworthy AI agent ecosystems. This work bridges a critical gap between theoretical agent-system security models and practical implementation, establishing the first principled architecture for secure IoA development.
📝 Abstract
Background: Autonomous agents powered by Large Language Models (LLMs) are driving a paradigm shift toward an "Internet of Agents" (IoA). While offering immense potential, this vision also introduces novel and systemic risks to safety and security.
Objectives: Unlike common threat-centric taxonomies, our survey provides a principled, architectural framework for engineering safe and reliable agentic systems. We aim to identify the architectural sources of vulnerabilities to establish a foundation for secure design.
Methods: We perform a bottom-up deconstruction of agentic systems, treating each component as a dual-use interface. The analysis spans three levels of complexity: the foundational Single Agent, the collaborative Multi-Agent System (MAS), and the visionary Interoperable Multi-Agent System (IMAS). At each level, we identify core architectural components and their inherent security risks.
Results & Conclusions: Our central finding is that agentic safety is an architectural principle, not an add-on. By identifying specific vulnerabilities and deriving mitigation principles at each level of the agentic stack, this survey serves as a foundational guide for building the capable, safe, and trustworthy AI needed to realize a secure Internet of Agents.