
14. Communication Graph Vulnerability to Malicious Agents

14.1 Identify the Objective

The primary objective of this chapter is to delineate the susceptibility of multi‑agent system (MAS) communication graphs to malicious actors and to chart a research trajectory that transitions from traditional resilience techniques to frontier‑grade, adaptive defense architectures. We seek to:
1. Quantify how graph‑structural properties (degree, robustness, connectivity) influence the spread of adversarial influence.
2. Expose the failure modes of existing consensus protocols (e.g., W‑MSR) when inter‑agent links are compromised.
3. Formulate criteria for resilient graph design that are locally enforceable, independent of global state knowledge, and amenable to dynamic reconfiguration.

These aims address a critical gap identified in the literature: most resilience studies assume reliable, authenticated communication, yet real‑world MAS deployments routinely experience message tampering, spoofing, and denial‑of‑service attacks [1][2][3].

14.2 State Convention

Contemporary MAS resilience is largely predicated on global graph metrics—notably (r, s)‑robustness and minimum degree thresholds—computed over the entire network. The Weighted Mean‑Square‑Residual (W‑MSR) algorithm, for instance, guarantees resilient consensus only if every normal agent maintains a degree exceeding a function of the total number of malicious agents [1][2]. These conventional approaches exhibit two critical shortcomings:

Moreover, empirical studies demonstrate that malicious injections can propagate through exposed edge agents, leading to a global takeover of MAS behavior [4]. Existing defenses (classic observers, impulsive control, event‑triggered adaptive control) are typically evaluated under simplified attack models and fail to generalize to realistic, multi‑hop adversarial scenarios [5][6].
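The connectivity dependence described above can be reproduced in a few lines. This is an added illustration, not code from the report or its sources: it uses the W‑MSR filtering rule as it is usually stated in the resilient‑consensus literature (each normal agent discards up to F neighbor values above its own and up to F below), and the graphs, initial values, equal weights and function names are all assumptions made for the demo.

```python
# Added illustration on constructed graphs; not code from the report or its sources.

def wmsr_step(values, neighbors, i, F):
    """W-MSR-style update for normal agent i with equal weights: discard up to F
    neighbor values above its own and up to F below, then average the rest."""
    own = values[i]
    received = sorted(values[j] for j in neighbors[i])
    lower = [v for v in received if v < own][F:]          # drop the F smallest
    higher = [v for v in received if v > own]
    higher = higher[:max(len(higher) - F, 0)]             # drop the F largest
    equal = [v for v in received if v == own]
    kept = lower + equal + higher + [own]
    return sum(kept) / len(kept)

def simulate(neighbors, init, malicious, F, steps=50):
    """Synchronous rounds; malicious agents ignore the rule and keep rebroadcasting
    their initial value. Returns the final values of the normal agents."""
    values = dict(init)
    for _ in range(steps):
        values = {i: values[i] if i in malicious else wmsr_step(values, neighbors, i, F)
                  for i in values}
    return [v for i, v in values.items() if i not in malicious]

def spread(vals):
    return max(vals) - min(vals)

def complete_graph(nodes):
    return {i: [j for j in nodes if j != i] for i in nodes}

# Cases A and B: complete graph, agents 0-3 normal, agent 4 malicious (constructed).
K5 = complete_graph(range(5))
INIT_K5 = {0: 0.0, 1: 0.2, 2: 0.7, 3: 1.0, 4: 100.0}

# Case C: two 3-cliques joined only by the single cross edges 0-3, 1-4, 2-5.
SPARSE = {0: [1, 2, 3], 1: [0, 2, 4], 2: [0, 1, 5],
          3: [4, 5, 0], 4: [3, 5, 1], 5: [3, 4, 2]}
INIT_SPARSE = {0: 0.0, 1: 0.0, 2: 0.0, 3: 1.0, 4: 1.0, 5: 1.0}

if __name__ == "__main__":
    filtered = simulate(K5, INIT_K5, {4}, F=1)           # agree inside [0, 1]
    unfiltered = simulate(K5, INIT_K5, {4}, F=0)         # plain averaging, pulled to 100
    stalled = simulate(SPARSE, INIT_SPARSE, set(), F=1)  # filter drops every cross link
    print(spread(filtered), max(filtered), max(unfiltered), spread(stalled))
```

In case C no attacker has to transmit anything: the filter itself throws away the one cross‑cluster value each agent receives, so the two clusters never agree.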

14.3 Ideate/Innovate

To transcend the limitations of conventional resilience, we propose a hierarchical, adaptive defense framework that integrates the following novel components:

  1. Local Robustness Certification (LRC)
     - Each agent periodically computes a local robustness score based on its immediate neighborhood (degree, clustering coefficient, and observed message integrity).
     - LRC operates without requiring global state; agents exchange concise certificates (e.g., 2‑bit vectors) that encode their local robustness and recent integrity checks [7].
     - Agents trigger local reconfiguration (edge addition/removal) when their LRC falls below a predefined threshold, ensuring the minimum degree condition for resilient consensus is maintained locally [1][2].

  2. Secure Graph‑Aware Consensus (SGC)
     - Replace W‑MSR with a consensus protocol that weights neighbor contributions according to their integrity trust score (derived from LRC certificates and cryptographic attestations).
     - Integrate zero‑trust identity verification for every message (e.g., signed MQTT payloads, as suggested in the MQTT‑based edge deployment study [8]) to prevent spoofed or poisoned exchanges.
     - Employ graph‑adaptive filtering that dynamically adjusts the influence radius based on observed attack patterns, inspired by EIB‑LEARNER’s adaptive GNN approach [9].

  3. Cascading Attack Mitigation Layer (CAML)
     - Detect and isolate infection cascades by monitoring anomalous message propagation patterns (e.g., sudden bursts of identical payloads).
     - Upon detection, trigger a topology re‑segmentation that temporarily isolates suspect sub‑graphs, akin to the centralized controller’s removal of malicious agents [10].
     - Use cryptographic sandboxes (e.g., per‑agent MACs) to contain potential code injection, aligning with the lessons from the SSH agent vulnerability [11] and the concept of message authentication in secure IoT protocols [12].

  4. Resilience‑Oriented Graph Evolution (ROGE)
     - Model the communication graph as a dynamic graph wherein edges can be added or removed autonomously based on local observations, without central coordination.
     - Apply submodular optimization techniques [13] to select edge reconfiguration actions that maximize a global resilience objective while minimizing communication overhead.
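The per‑message verification in SGC and the burst detection in CAML can be combined in one receive path, sketched here as an added example that is not part of the original report. The envelope fields, keys, window length, sender threshold and all function names are assumptions, and the traffic is constructed for the demo.

```python
import hashlib, hmac, json
from collections import defaultdict, deque

def mac_for(key, sender, ts, payload):
    """HMAC-SHA256 over a canonical JSON encoding of the envelope fields."""
    body = json.dumps({"sender": sender, "ts": ts, "payload": payload},
                      sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def verify(msg, keys):
    key = keys.get(msg["sender"])
    if key is None:                              # unknown identity: reject
        return False
    expected = mac_for(key, msg["sender"], msg["ts"], msg["payload"])
    return hmac.compare_digest(expected, msg.get("mac", ""))

class CascadeMonitor:
    """Flags a payload relayed unchanged by >= min_senders agents within `window` s."""
    def __init__(self, window=2.0, min_senders=3):
        self.window, self.min_senders = window, min_senders
        self.seen = defaultdict(deque)           # payload digest -> (ts, sender)

    def observe(self, msg):                      # messages must arrive in ts order
        digest = hashlib.sha256(msg["payload"].encode()).hexdigest()
        q = self.seen[digest]
        q.append((msg["ts"], msg["sender"]))
        while q and msg["ts"] - q[0][0] > self.window:
            q.popleft()
        senders = {s for _, s in q}
        return senders if len(senders) >= self.min_senders else set()

def triage(stream, keys):
    """Returns (senders of messages failing the MAC check, agents to isolate)."""
    monitor, rejected, isolate = CascadeMonitor(), [], set()
    for msg in stream:
        if not verify(msg, keys):
            rejected.append(msg["sender"])       # spoofed or tampered: drop
            continue
        isolate |= monitor.observe(msg)          # a valid MAC does not prove benign
    return rejected, isolate

# Constructed keys and traffic for the demo.
KEYS = {a: f"demo-key-{a}".encode() for a in ("a1", "a2", "a3", "a4")}
def make(sender, ts, payload, key=None):
    return {"sender": sender, "ts": ts, "payload": payload,
            "mac": mac_for(key or KEYS[sender], sender, ts, payload)}
STREAM = [make("a1", 0.0, "temp=21.5"), make("a2", 0.1, "temp=21.7", key=b"wrong"),
          make("a2", 1.0, "relay:blob-X"), make("a3", 1.4, "relay:blob-X"),
          make("a4", 1.9, "relay:blob-X"), make("a1", 5.0, "temp=21.6")]
```

The MAC check stops the forged `a2` message, but the three `relay:blob-X` messages all carry valid MACs, so only the propagation monitor identifies `a2`, `a3` and `a4` as the sub‑graph to isolate.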

14.4 Justification

The proposed framework offers several decisive advantages over conventional global‑state approaches:

Collectively, these innovations chart a path from conventional, globally‑dependent resilience mechanisms to a frontier paradigm that is locally controllable, adaptive, and securely verifiable, thereby addressing the core vulnerabilities exposed in current MAS communication graphs.

Chapter Appendix: References

1
Distributed Resilience-Aware Control in Multi-Robot Networks 2025-04-03
The main challenge of using W-MSR algorithm lies in the fact that (r, s)-robustness is combinatorial and a function of global network states (i.e., the states of all robots). Existing approaches for maintaining these properties typically require obtaining global state information through inter-agent communication. However, such communication becomes unreliable in the presence of malicious agents. Thus, we present an alternative sufficient condition that is locally controllable. )) be the minimum...
2
Distributed Resilience-Aware Control in Multi-Robot Networks 2025-12-31
The main challenge of using W-MSR lies in the fact that (r, s)-robustness is combinatorial and a function of global network states. Existing approaches for maintaining these properties typically require global state knowledge, which depends on inter-agent communication. However, such communication becomes unreliable in the presence of malicious agents. Thus, we present an alternative sufficient condition that is locally controllable. Problem 1. Given a network G(t) = (V, E(t)) under an F-total attack ...
3
Promise and Peril in the Age of Agentic AI: Navigating the New Security Landscape 2026-01-23
Research indicates that treating agents as privileged users requires robust identity governance, including multi-factor authentication adaptations and just-in-time provisioning mechanisms. 1.2.4 Agent Communication Poisoning In complex enterprise deployments, multiple agents will need to collaborate to accomplish sophisticated tasks. This inter-agent communication introduces vulnerabilities to poisoning attacks, where malicious actors inject false information into agent dialogues. Such attacks c...
4
Effects of Communication Disruption in Mobile Agent Trust Assessments for Distributed Security 2004-12-31
In addition, trust-based strategies are examined by which mobile agents assist each other in avoiding malicious hosts and recovering from host attacks. Communication among agents is vital to robust soft security to ensure that agents can cooperate by sharing their host trustworthiness assessments. Since agent mobility inherently makes communication difficult, unreliable, or sometimes impossible, this research conducts experiments to examine the affect of communication link disruption on distribu...
5
A Robustness Analysis to Structured Channel Tampering Over Secure-by-Design Consensus Networks 2023-06-08
However, due to the openness of communication protocols and the complexity of networks, the agreement of MASs may be vulnerable to malicious cyber-attacks. In particular, if the agent sensors are threatened by an attacker, the measured data may be unreliable or faulty. Indeed, the attack signals can even disrupt the control performance of the group of agents through the communication topology. Therefore, resilient solutions are required to ensure that MASs fulfill consensus under security hazar...
6
ACIArena: Toward Unified Evaluation for Agent Cascading Injection 2026-04-08
In such attacks, a compromised agent exploits inter-agent trust to propagate malicious instructions, causing cascading failures across the system. However, existing studies consider only limited attack strategies and simplified MAS settings, limiting their generalizability and comprehensive evaluation. To bridge this gap, we introduce ACIArena, a unified framework for evaluating the robustness of MAS. ACIArena offers systematic evaluation suites spanning multiple attack surfaces (i.e., external ...
7
Large Language Models are Autonomous Cyber Defenders 2025-12-31
Since blue agents only have visibility in their assigned subnetwork (see Fig. 1), they need to exchange messages with each other to share threat information. CAGE 4 allows each agent to broadcast a 1-byte vector per step called Communication Vector, yet its format is undefined. We use this 8-bit protocol and propose a realistic multi-agent communication strategy. Our idea is to summarize the current security level of a network based on each agent's observation and its current state (free or busy)....
8
Systems-Level Attack Surface of Edge Agent Deployments on IoT 2026-02-25
All inter-agent communication uses MQTT pub/sub on the Mac mini broker (port 1883, Tailscale mesh only; no public exposure). Agents publish to topic-structured channels using a JSON envelope carrying sender ID, message type, microsecond timestamp, correlation ID, and payload. The NUC bridges MQTT to Home Assistant's REST API for IoT device control. Model inference calls traverse WAN to cloud providers; all operational IoT traffic remains mesh-local. This design makes MQTT the sole coordination plan...
9
Understanding the Information Propagation Effects of Communication Topologies in LLM-based Multi-Agent Systems 2025-05-28
Motivated by our Insight, EIB-LEARNER balances the error-insight trade-off by co-training two complementary graph neural network (GNN) simulators to simulate the error suppression and insight propagation given a specific query (Section 4.1), and then adaptively blending their learned inter-agent coefficients to construct robust topologies (Section 4.2). The overall pipeline of EIB-LEARNER is shown in Figure 3. GNN-based Propagation Simulators To balance error suppression and insight propagation i...
10
Architectures for Robust Self-Organizing Energy Systems under Information and Control Constraints 2026-04-22
Fig. 3: Reaction to the malicious agent: the centralized controller sends a new communication topology, excluding the malicious agent from communication. Fig. 5: Reaction to the malicious agent: multi-leveled controller. Fig. 7: Centralized controller: solution quality (performance) for normal operation, disruption and control phases....
11
CVE-2025-47913 is a denial of service vulnerability in Go SSH that causes client panic when receiving unexpected SSH_AGENT_SUCCESS responses. 2026-04-17
SSH clients using this library can experience a panic and subsequent process termination when receiving an unexpected SSH_AGENT_SUCCESS response from a malicious or compromised SSH agent. When the client expects a typed response but instead receives SSH_AGENT_SUCCESS, the improper handling triggers a reachable assertion that crashes the application. This vulnerability allows network-based attackers to crash Go-based SSH client applications without authentication, causing service disruption and p...
12
Detection of malicious beaconing in virtual private networks 2026-05-04
The computer-implemented method of claim 1, wherein the one or more machine learning models are trained on labeled network traffic data that includes known examples of malicious and benign beacons....