attack arXiv Mar 22, 2026 · 15d ago
Qiuchi Xiang, Haoxuan Qu, Hossein Rahmani et al. · Lancaster University
Stealth attack on multi-agent LLM discussions that evades continuous anomaly monitoring through strategic agent selection and message crafting
Prompt Injection Excessive Agency nlpmultimodal
Multi-agent discussions have been widely adopted, motivating growing efforts to develop attacks that expose their vulnerabilities. In this work, we study a practical yet largely unexplored attack scenario, the discussion-monitored scenario, where anomaly detectors continuously monitor inter-agent communications and block detected adversarial messages. Although existing attacks are effective without discussion monitoring, we show that they exhibit detectable patterns and largely fail under such monitoring constraints. But does this imply that monitoring alone is sufficient to secure multi-agent discussions? To answer this question, we develop a novel attack method explicitly tailored to the discussion-monitored scenario. Extensive experiments demonstrate that effective attacks remain possible even under continuous monitoring, indicating that monitoring alone does not eliminate adversarial risks.
llm multimodal Lancaster University
ML Security Papers