Securing Multi-Agent Systems Against Corruptions via Node Contribution Backpropagation
Researchers propose a dynamic defense mechanism for Multi-Agent Systems that identifies and isolates malicious agents by computing each agent's contribution to final outputs through backward propagation. The method addresses a critical vulnerability where adversarial agents can inject false information that spreads through agent networks, improving security for LLM-based multi-agent applications.
Multi-agent systems built on large language models represent a significant architectural shift in AI deployment, enabling complex task decomposition and collaborative problem-solving. However, this distributed structure introduces a fundamental attack surface: malicious agents can inject misleading information that propagates through interconnected networks, corrupting benign agents and producing unreliable outputs. This paper tackles a timely problem as organizations increasingly adopt MAS architectures without adequate security frameworks.
The vulnerability parallels historical challenges in distributed systems and blockchain networks, where coordinating multiple parties while maintaining integrity requires sophisticated verification mechanisms. Previous defenses modeled agent communications as static graphs, missing the dynamic nature of actual multi-agent interactions. The proposed approach treats MAS communication as a signed directed acyclic graph and employs backward propagation to calculate each agent's specific contribution to system outputs. This enables precise identification of malicious actors rather than broad system-level defenses.
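A simplified illustration of backward contribution propagation over a signed DAG, added here as an example and not taken from the paper: one unit of credit starts at the output and flows backwards along message edges, and the per-agent totals rank who shaped the result. The weight semantics, the `agent#round` node names, the scoring rule and the sample log are all assumptions made for this sketch.

```python
from collections import defaultdict
from graphlib import TopologicalSorter

# Constructed message log, one edge per delivered message between agent turns
# ("agent#round"). Assumed weight meaning: share of the receiver's turn that
# builds on (+) or contradicts (-) the sender's message; the sum of |w| per
# receiver is at most 1 and the remainder is the receiver's own share.
EDGES = [
    ("retriever#1", "coder#1", 0.5),
    ("retriever#1", "reviewer#1", 0.25),
    ("coder#1", "reviewer#1", -0.5),
    ("coder#1", "coder#2", 0.5),
    ("reviewer#1", "coder#2", 0.25),
    ("coder#2", "OUT", 1.0),
]

def contributions(edges, output="OUT"):
    """Backpropagate one unit of credit from the output to every agent."""
    incoming = defaultdict(list)
    for sender, receiver, w in edges:
        incoming[receiver].append((sender, w))
    for node, msgs in incoming.items():
        if sum(abs(w) for _, w in msgs) > 1.0:
            raise ValueError(f"incoming weights of {node} exceed 1")
    # static_order() lists senders before receivers and raises CycleError
    # if the log is not a DAG; walk it backwards from the output.
    order = TopologicalSorter(
        {n: {s for s, _ in msgs} for n, msgs in incoming.items()}
    ).static_order()
    credit = defaultdict(float, {output: 1.0})
    score = defaultdict(float)
    for node in reversed(list(order)):
        msgs = incoming.get(node, [])
        own = 1.0 - sum(abs(w) for _, w in msgs)
        score[node.split("#")[0]] += credit[node] * own
        for sender, w in msgs:
            credit[sender] += credit[node] * w  # sign follows the edge
    return dict(score)

def rank(edges, output="OUT"):
    """Agents by descending contribution, the output node excluded."""
    s = contributions(edges, output)
    return sorted((a for a in s if a != output), key=lambda a: -s[a])

if __name__ == "__main__":
    print(contributions(EDGES), rank(EDGES))
```

When an output has been judged corrupted, the top of this ranking is where a defender would look first for agents to isolate; that decision rule is also an assumption of the sketch.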
For the AI industry, this research directly impacts deployment confidence in multi-agent LLM systems, particularly in high-stakes applications involving financial analysis, medical recommendations, or legal reasoning. Organizations hesitant about MAS reliability due to adversarial risks may gain confidence with robust defense mechanisms. The method's demonstrated outperformance over existing defenses suggests practical applicability.
Looking forward, the effectiveness of such defenses will determine whether enterprises broadly adopt multi-agent architectures or maintain centralized AI systems. Integration of these security mechanisms into standard MAS frameworks and testing against sophisticated adaptive adversaries will determine real-world impact. The intersection of AI safety and multi-agent reliability remains underexplored commercially.
- Dynamic defense mechanism identifies malicious agents by computing contribution scores through backward propagation on communication graphs.
- Addresses critical vulnerability where adversarial agents inject false information that contagiously corrupts benign agents in multi-agent LLM systems.
- Outperforms existing static-graph defense approaches in complex, dynamic multi-agent environments.
- Enables isolation of malicious agents with higher accuracy, improving trustworthiness of multi-agent task collaboration.
- Critical for enterprise adoption of multi-agent systems in high-stakes applications requiring reliability.