benchmark 2026

TrinityGuard: A Unified Framework for Safeguarding Multi-Agent Systems

Kai Wang , Biaojie Zeng , Zeming Wei , Chang Jin , Hefeng Zhou , Xiangtian Li , Chao Yang , Jingjing Qu , Xingcheng Xu , Xia Hu

Shanghai AI Laboratory

0 citations
α

Published on arXiv

2603.15408

Prompt Injection

OWASP LLM Top 10 — LLM01

Excessive Agency

OWASP LLM Top 10 — LLM08

Key Finding

Presents comprehensive framework covering 20 distinct risk types with both pre-development evaluation and runtime monitoring capabilities for LLM-based multi-agent systems

TrinityGuard

Novel technique introduced

With the rapid development of LLM-based multi-agent systems (MAS), their significant safety and security concerns have emerged, which introduce novel risks going beyond single agents or LLMs. Despite attempts to address these issues, the existing literature lacks a cohesive safeguarding system specialized for MAS risks. In this work, we introduce TrinityGuard, a comprehensive safety evaluation and monitoring framework for LLM-based MAS, grounded in the OWASP standards. Specifically, TrinityGuard encompasses a three-tier fine-grained risk taxonomy that identifies 20 risk types, covering single-agent vulnerabilities, inter-agent communication threats, and system-level emergent hazards. Designed for scalability across various MAS structures and platforms, TrinityGuard is organized in a trinity manner, involving an MAS abstraction layer that can be adapted to any MAS structures, an evaluation layer containing risk-specific test modules, alongside runtime monitor agents coordinated by a unified LLM Judge Factory. During Evaluation, TrinityGuard executes curated attack probes to generate detailed vulnerability reports for each risk type, where monitor agents analyze structured execution traces and issue real-time alerts, enabling both pre-development evaluation and runtime monitoring. We further formalize these safety metrics and present detailed case studies across various representative MAS examples, showcasing the versatility and reliability of TrinityGuard. Overall, TrinityGuard acts as a comprehensive framework for evaluating and monitoring various risks in MAS, paving the way for further research into their safety and security.

Key Contributions

  • Three-tier risk taxonomy identifying 20 risk types across single-agent, inter-agent, and system-level threats in MAS
  • Unified evaluation and runtime monitoring framework adaptable to various MAS structures and platforms
  • OWASP-grounded safety metrics with curated attack probes and real-time alert system via monitor agents

🛡️ Threat Analysis

Details

Domains
nlpmultimodal
Model Types
llm
Threat Tags
inference_time
Applications
multi-agent systemsautonomous agentsllm-based collaboration
Read PDF arXiv

Similar Papers

benchmark

Can LLMs Threaten Human Survival? Benchmarking Potential Existential Threats from LLMs via Prefix Completion

2025 1 cit.
93%
benchmark

Beyond Model Jailbreak: Systematic Dissection of the "Ten DeadlySins" in Embodied Intelligence

2025 0 cit.
93%
benchmark

ClawSafety: "Safe" LLMs, Unsafe Agents

2026 0 cit.
87%
benchmark

SecureWebArena: A Holistic Security Evaluation Benchmark for LVLM-based Web Agents

2025 5 cit.
87%
benchmark

Code Agent can be an End-to-end System Hacker: Benchmarking Real-world Threats of Computer-use Agent

2025 4 cit.
87%
benchmark

How Vulnerable Are AI Agents to Indirect Prompt Injections? Insights from a Large-Scale Public Competition

2026 0 cit.
87%
benchmark

Aegis: Towards Governance, Integrity, and Security of AI Voice Agents

2026 0 cit.
81%
benchmark

Measuring the Security of Mobile LLM Agents under Adversarial Prompts from Untrusted Third-Party Channels

2025 0 cit.
81%