Topology Matters: Measuring Memory Leakage in Multi-Agent LLMs

Researchers introduce MAMA, a framework measuring how network topology affects private information leakage in multi-agent LLM systems. The study demonstrates that denser connectivity and shorter distances between attackers and targets significantly increase memory leakage, with practical implications for securing distributed AI systems.

The research addresses a critical vulnerability in multi-agent LLM architectures: the structural characteristics of agent networks directly determine how easily private information can be extracted through coordinated attacks. This finding carries substantial weight as organizations increasingly deploy interconnected AI systems for collaborative tasks, often without understanding the security implications of their chosen topology.

The MAMA framework's systematic approach—seeding private information then measuring extraction success across multiple rounds—reveals that leakage concentrates early in interactions before plateauing. This temporal pattern suggests attackers need only limited interaction windows to succeed, making preventive topology design essential rather than reliance on behavioral safeguards. The consistency of results across different model architectures indicates these topology effects are fundamental properties rather than model-specific quirks.

For developers and system architects, the findings translate into concrete design constraints. Sparse or hierarchical networks substantially reduce leakage compared to fully connected alternatives. The research identifies specific vulnerabilities: hub nodes (high centrality) and shortcut pathways amplify information flow to attackers. These insights enable topology-aware access control strategies that limit which agents can communicate.

The practical implications extend beyond academic security. Organizations deploying multi-agent systems for sensitive applications—financial services, healthcare, government—must now consider network topology as a first-order security variable alongside encryption and authentication. The availability of evaluation code enables organizations to test their own architectures before deployment, shifting security from assumption-based to measurement-based practices.

• →Network topology directly determines memory leakage rates in multi-agent LLM systems, with denser connectivity substantially increasing vulnerability.
• →Attackers extract most private information within early interaction rounds, indicating brief windows suffice for successful data extraction.
• →Spatiotemporal and location data leak more readily than identity credentials, suggesting differential privacy risks across information categories.
• →Sparse hierarchical topologies and maximized attacker-target separation emerge as primary defenses against multi-agent LLM attacks.
• →Topology effects remain consistent across model architectures, indicating universal rather than model-specific security implications.