PEAR: Planner-Executor Agent Robustness Benchmark

Large Language Model (LLM)-based Multi-Agent Systems (MAS) have emerged as a powerful paradigm for tackling complex, multi-step tasks across diverse domains. However, despite their impressive capabilities, MAS remain susceptible to adversarial manipulation. Existing studies typically examine isolated attack surfaces or specific scenarios, leaving a lack of holistic understanding of MAS vulnerabilities. To bridge this gap, we introduce PEAR, a benchmark for systematically evaluating both the utility and vulnerability of planner-executor MAS. While compatible with various MAS architectures, our benchmark focuses on the planner-executor structure, which is a practical and widely adopted design. Through extensive experiments, we find that (1) a weak planner degrades overall clean task performance more severely than a weak executor; (2) while a memory module is essential for the planner, having a memory module for the executor does not impact the clean task performance; (3) there exists a trade-off between task performance and robustness; and (4) attacks targeting the planner are particularly effective at misleading the system. These findings offer actionable insights for enhancing the robustness of MAS and lay the groundwork for principled defenses in multi-agent settings.

Key Contributions

• PEAR benchmark with 84 clean tasks and 120 attack tasks spanning harmful action, privacy leakage, and resource exhaustion across four real-world scenarios (1,680 attack instances total)
• Systematic evaluation of five attack types across two attack surfaces (planner and executor) in planner-executor MAS
• Empirical finding that attacks targeting the planner are most effective and that a performance-robustness trade-off exists in MAS

🛡️ Threat Analysis

Details

Similar Papers