Saved in:
Bibliographic Details
Main Authors: He, Jiayi, Luo, Xiaofeng, Kang, Jiawen, Zhang, Ruichen, Tang, Jianhang, Kim, Dong In
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2605.09889
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866910207623299072
author He, Jiayi
Luo, Xiaofeng
Kang, Jiawen
Zhang, Ruichen
Tang, Jianhang
Kim, Dong In
author_facet He, Jiayi
Luo, Xiaofeng
Kang, Jiawen
Zhang, Ruichen
Tang, Jianhang
Kim, Dong In
contents A new paradigm, Internet of Agents (IoA), is transforming networked systems into LLM-driven service networks, where heterogeneous agents collaborate through task routing based on their self-declared skill descriptions. Although this promising paradigm enables agentic, distributed, and advanced intelligence, it also exposes a new and overlooked attack surface. In particular, malicious agents can strategically manipulate their skill descriptions to bias routing decisions and increase their probability of being selected for task execution, thereby disrupting user tasks and degrading system reliability. To characterize this threat, we propose and formalize a new attack model, termed \emph{Skill Description Deception} (SDD) attack. We further design an LLM-enabled SDD attack framework that automatically generates deceptive skill descriptions, enabling systematic vulnerability assessment of IoA systems. Experimental results on nine representative domains show that the proposed attack can achieve up to 98\% attack success rate, demonstrating the severity and generality of the attack. Our paper reveals a new security vulnerability in IoA and calls for secure and trustworthy semantic routing mechanisms for future IoA systems.
format Preprint
id arxiv_https___arxiv_org_abs_2605_09889
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Skill Description Deception Attack against Task Routing in Internet of Agents
He, Jiayi
Luo, Xiaofeng
Kang, Jiawen
Zhang, Ruichen
Tang, Jianhang
Kim, Dong In
Multiagent Systems
A new paradigm, Internet of Agents (IoA), is transforming networked systems into LLM-driven service networks, where heterogeneous agents collaborate through task routing based on their self-declared skill descriptions. Although this promising paradigm enables agentic, distributed, and advanced intelligence, it also exposes a new and overlooked attack surface. In particular, malicious agents can strategically manipulate their skill descriptions to bias routing decisions and increase their probability of being selected for task execution, thereby disrupting user tasks and degrading system reliability. To characterize this threat, we propose and formalize a new attack model, termed \emph{Skill Description Deception} (SDD) attack. We further design an LLM-enabled SDD attack framework that automatically generates deceptive skill descriptions, enabling systematic vulnerability assessment of IoA systems. Experimental results on nine representative domains show that the proposed attack can achieve up to 98\% attack success rate, demonstrating the severity and generality of the attack. Our paper reveals a new security vulnerability in IoA and calls for secure and trustworthy semantic routing mechanisms for future IoA systems.
title Skill Description Deception Attack against Task Routing in Internet of Agents
topic Multiagent Systems
url https://arxiv.org/abs/2605.09889