Saved in:
Bibliographic Details
Main Authors: Liang, Ruichao, Yin, Le, Chen, Jing, Feng, Yebo, Wu, Cong, Zhang, Xiaoyu, Gu, Huangpeng, Zhang, Zijian, Liu, Yang
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2512.04129
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866917458164580352
author Liang, Ruichao
Yin, Le
Chen, Jing
Feng, Yebo
Wu, Cong
Zhang, Xiaoyu
Gu, Huangpeng
Zhang, Zijian
Liu, Yang
author_facet Liang, Ruichao
Yin, Le
Chen, Jing
Feng, Yebo
Wu, Cong
Zhang, Xiaoyu
Gu, Huangpeng
Zhang, Zijian
Liu, Yang
contents The digital world is witnessing the rapid rise of LLM-based multi-agent systems (MASs) and their powerful applications. However, their security remains insufficiently understood, as existing evaluations are largely limited to narrow attack settings and may substantially underestimate the real risks of MAS deployments. Inspired by the MAS inter-agent dependencies, where upstream outputs are reinterpreted and executed by downstream agents, we propose a topology-aware attack scheme that propagates adversarial contamination from exposed edge agents to high-privilege agents to induce malicious behaviors. By combining topology reconnaissance, contamination propagation modeling, and hierarchical payload encapsulation, our approach overcomes the key challenges of black-box attacks and makes such multi-hop compromise practical. Experiments show that our approach achieves success rates of 40\%--78\% on three widely-used MAS frameworks under five topologies, and 85\% on two real-world MAS applications across 20 representative scenarios. The results reveal fundamental vulnerabilities in MASs that have been overlooked by prior studies. Based on these findings, we propose a topology-trust mitigation that blocks 94.8\% of such composite attacks.
format Preprint
id arxiv_https___arxiv_org_abs_2512_04129
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Don't Trust Your Upstream: Exploiting LLM Multi-Agent System via Topology-Guided Adversarial Propagation
Liang, Ruichao
Yin, Le
Chen, Jing
Feng, Yebo
Wu, Cong
Zhang, Xiaoyu
Gu, Huangpeng
Zhang, Zijian
Liu, Yang
Cryptography and Security
The digital world is witnessing the rapid rise of LLM-based multi-agent systems (MASs) and their powerful applications. However, their security remains insufficiently understood, as existing evaluations are largely limited to narrow attack settings and may substantially underestimate the real risks of MAS deployments. Inspired by the MAS inter-agent dependencies, where upstream outputs are reinterpreted and executed by downstream agents, we propose a topology-aware attack scheme that propagates adversarial contamination from exposed edge agents to high-privilege agents to induce malicious behaviors. By combining topology reconnaissance, contamination propagation modeling, and hierarchical payload encapsulation, our approach overcomes the key challenges of black-box attacks and makes such multi-hop compromise practical. Experiments show that our approach achieves success rates of 40\%--78\% on three widely-used MAS frameworks under five topologies, and 85\% on two real-world MAS applications across 20 representative scenarios. The results reveal fundamental vulnerabilities in MASs that have been overlooked by prior studies. Based on these findings, we propose a topology-trust mitigation that blocks 94.8\% of such composite attacks.
title Don't Trust Your Upstream: Exploiting LLM Multi-Agent System via Topology-Guided Adversarial Propagation
topic Cryptography and Security
url https://arxiv.org/abs/2512.04129