Saved in:
Bibliographic Details
Main Authors: Cai, Ziwen, Zhang, Yihe, Hei, Xiali
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2605.08460
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866913104434036736
author Cai, Ziwen
Zhang, Yihe
Hei, Xiali
author_facet Cai, Ziwen
Zhang, Yihe
Hei, Xiali
contents Since the official release of ChatGPT in 2022, large language models (LLMs) have rapidly evolved from chatbot-style interfaces into agentic systems that can delegate work through tools and newly spawned subagents. While these capabilities improve automation and scalability, they also pose new security risks in multi-agent networks. Existing research has studied how individual LLM-based agents can be compromised through prompt injection, jailbreaking, poisoned retrieval data, or malicious extensions. Less is known about what happens after one agent is compromised inside a multi-agent network. In particular, inherited memory from parent agents can carry malicious instructions, outdated states, or unintended behavioral rules into newly created subagents, allowing a local compromise to spread across agent boundaries. In this paper, we model contemporary multi-agent networks through the lens of subagent inheritance. Our analysis shows that current frameworks can violate trust boundaries through insecure memory inheritance, weak resource control, stale post-spawn state, and improper termination authority. We demonstrate these risks in real agent frameworks and propose defenses based on explicit security invariants. Our findings show that inheritance is not merely an implementation detail, but a central component influencing the security of multi-agent systems.
format Preprint
id arxiv_https___arxiv_org_abs_2605_08460
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle When Child Inherits: Modeling and Exploiting Subagent Spawn in Multi-Agent Networks
Cai, Ziwen
Zhang, Yihe
Hei, Xiali
Cryptography and Security
Artificial Intelligence
Since the official release of ChatGPT in 2022, large language models (LLMs) have rapidly evolved from chatbot-style interfaces into agentic systems that can delegate work through tools and newly spawned subagents. While these capabilities improve automation and scalability, they also pose new security risks in multi-agent networks. Existing research has studied how individual LLM-based agents can be compromised through prompt injection, jailbreaking, poisoned retrieval data, or malicious extensions. Less is known about what happens after one agent is compromised inside a multi-agent network. In particular, inherited memory from parent agents can carry malicious instructions, outdated states, or unintended behavioral rules into newly created subagents, allowing a local compromise to spread across agent boundaries. In this paper, we model contemporary multi-agent networks through the lens of subagent inheritance. Our analysis shows that current frameworks can violate trust boundaries through insecure memory inheritance, weak resource control, stale post-spawn state, and improper termination authority. We demonstrate these risks in real agent frameworks and propose defenses based on explicit security invariants. Our findings show that inheritance is not merely an implementation detail, but a central component influencing the security of multi-agent systems.
title When Child Inherits: Modeling and Exploiting Subagent Spawn in Multi-Agent Networks
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2605.08460