ML Security PapersLying with Truths: Open-Channel Multi-Agent Collusion for Belief Manipulation via Generative Montage
Jinwei Hu 1, Xinmiao Huang 1, Youcheng Sun 2, Yi Dong 1, Xiaowei Huang 1
Published on arXiv
2601.01685
Prompt Injection
OWASP LLM Top 10 — LLM01
Key Finding
Achieves 74.4% attack success on proprietary LLMs and 70.6% on open-weights models, with stronger reasoning capabilities counterintuitively increasing susceptibility to the attack.
Generative Montage
Novel technique introduced
As large language models (LLMs) transition to autonomous agents synthesizing real-time information, their reasoning capabilities introduce an unexpected attack surface. This paper introduces a novel threat where colluding agents steer victim beliefs using only truthful evidence fragments distributed through public channels, without relying on covert communications, backdoors, or falsified documents. By exploiting LLMs' overthinking tendency, we formalize the first cognitive collusion attack and propose Generative Montage: a Writer-Editor-Director framework that constructs deceptive narratives through adversarial debate and coordinated posting of evidence fragments, causing victims to internalize and propagate fabricated conclusions. To study this risk, we develop CoPHEME, a dataset derived from real-world rumor events, and simulate attacks across diverse LLM families. Our results show pervasive vulnerability across 14 LLM families: attack success rates reach 74.4% for proprietary models and 70.6% for open-weights models. Counterintuitively, stronger reasoning capabilities increase susceptibility, with reasoning-specialized models showing higher attack success than base models or prompts. Furthermore, these false beliefs then cascade to downstream judges, achieving over 60% deception rates, highlighting a socio-technical vulnerability in how LLM-based agents interact with dynamic information environments. Our implementation and data are available at: https://github.com/CharlesJW222/Lying_with_Truth/tree/main.
Key Contributions
- Formalizes the first cognitive collusion attack, exploiting LLMs' overthinking tendency to steer victim agents toward false beliefs using only truthful evidence fragments via public channels
- Proposes Generative Montage, a Writer-Editor-Director multi-agent framework that constructs maximally deceptive narrative sequences through adversarial debate and coordinated posting
- Introduces CoPHEME, a dataset derived from real-world rumor events, and demonstrates 74.4% attack success on proprietary models with cascading deception exceeding 60% on downstream judges