全生命周期智能体防护体系与关键技术研究

摘要：随着人工智能（AI）向具备自主规划与执行能力的“Agentic AI”演进，智能体安全已超越传统内容生成范畴，面临指令劫持、工具滥用及决策失控等全新挑战。针对这一现状，首先系统梳理了智能体在感知、决策、执行与协作四个维度的核心风险，指出传统静态防御机制的局限性。在此基础上，提出了一套融合“全生命周期治理（SDLC）”与“纵深防御”理念的智能体安全防护技术体系，从架构级隔离、模型内生对齐、防御性提示词工程、动态运行时防护及全流程测评五个层面，构建了由内而外的防御闭环。阐述了中兴通讯端到端的智能体安全实践，通过集成智能体协同防护引擎、动态信息流控制及隐私脱敏等关键技术，构筑了覆盖基础设施至上层应用、模型推理至工具执行的全栈安全能力。研究表明，该体系能有效实现决策可信、行为可控与风险可视，推动智能体安全从单点被动防御向系统化“主动免疫”转型，为企业级智能体的安全部署与规模化落地提供了强有力的技术支撑与实践参考。

关键词：智能体安全；提示词注入；工具执行安全；全生命周期防护；纵深防御；运行时防护；主动免疫

Abstract: As artificial intelligence (AI) evolves towards "Agentic AI" capable of autonomous planning and execution, AI agent security has transcended the scope of traditional content generation, facing novel challenges such as instruction hijacking, tool abuse, and uncontrolled decision-making. Addressing this landscape, this paper first systematically reviews core risks across four dimensions: perception, decision-making, execution, and collaboration, highlighting the limitations of traditional static defense mechanisms. On this basis, a technical system for intelligent agent security protection integrating the concepts of "software development life cycle (SDLC) governance" and "defense-in-depth" is proposed. This constructs a closed-loop defense from the inside out across five levels: architecture-level isolation, model intrinsic alignment, defensive prompt engineering, dynamic runtime protection, and full-process evaluation. This paper also elaborates on ZTE Corporation's end-to-end intelligent agent security practice. By integrating key technologies such as the agent collaborative protection engine, dynamic information flow control, and privacy desensitization, it constructs full-stack security capabilities covering from infrastructure to upper-layer applications, and from model inference to tool execution. Research demonstrates that this system can effectively achieve trustworthy decision-making, controllable behavior, and observable risks, promoting the transformation of intelligent agent security from single-point passive defense to systematic "proactive immunity." This provides robust technical support and practical references for the secure deployment and large-scale implementation of enterprise-grade intelligent agents.

Keywords: AI agent security; prompt injection; tool execution security; full-lifecycle protection; defense-in-depth; runtime protection; proactive immunity