As LLM-powered AI agents evolve from monolithic execution to multi-agent collaboration, inter-agent communication has become foundational to emerging AI ecosystems—yet its security risks remain unexamined systematically. This paper introduces the first three-stage lifecycle model for agent communication security—encompassing user–agent, agent–agent, and agent–environment interactions—and proposes the inaugural end-to-end threat taxonomy and corresponding defense mapping framework. Through systematic literature review and protocol reverse engineering, we conduct security modeling and risk decomposition of mainstream protocols—including MCP and A2A—identifying critical vulnerabilities in protocol design, identity authentication, and intent hijacking. Beyond synthesizing the state of the art and existing defenses, we distill key open challenges, thereby establishing a theoretical foundation and practical guidelines for designing trustworthy, secure multi-agent collaboration protocols. (149 words)

In recent years, Large-Language-Model-driven AI agents have exhibited unprecedented intelligence, flexibility, and adaptability, and are rapidly changing human production and lifestyle. Nowadays, agents are undergoing a new round of evolution. They no longer act as an isolated island like LLMs. Instead, they start to communicate with diverse external entities, such as other agents and tools, to collectively perform more complex tasks. Under this trend, agent communication is regarded as a foundational pillar of the future AI ecosystem, and many organizations intensively begin to design related communication protocols (e.g., Anthropic's MCP and Google's A2A) within the recent few months. However, this new field exposes significant security hazard, which can cause severe damage to real-world scenarios. To help researchers to quickly figure out this promising topic and benefit the future agent communication development, this paper presents a comprehensive survey of agent communication security. More precisely, we first present a clear definition of agent communication and categorize the entire lifecyle of agent communication into three stages: user-agent interaction, agent-agent communication, and agent-environment communication. Next, for each communication phase, we dissect related protocols and analyze its security risks according to the communication characteristics. Then, we summarize and outlook on the possible defense countermeasures for each risk. Finally, we discuss open issues and future directions in this promising research field.