The core challenge in multi‑agent coordination under hostile environments is to derive policy inference mechanisms that remain reliable when agents’ observations are subtly perturbed by adversaries. Adversarial observation perturbations (AOPs) can stem from noisy telemetry, malicious sensor spoofing, or targeted semantic manipulation (e.g., prompt injection in LLM‑driven agents). The objective is therefore to construct inference frameworks that can (i) detect, (ii) adapt to, and (iii) recover from AOPs while preserving cooperative performance. This objective is crucial for trustworthy autonomous fleets, cyber‑security defenders, and any distributed AI that must maintain compositional integrity in the presence of unseen threats.
Current practice in robust Multi‑Agent Reinforcement Learning (MARL) largely mirrors single‑agent robustness:
While these approaches provide pessimistic guarantees against perturbations, they suffer from:
Thus, the conventional paradigm is reactive, assumption‑heavy, and opaque.
To transcend the limitations above, we propose a frontier methodology called *Adversarial Observation Inference via Generative Bayesian Ensembles (AOI‑GBE). The key components are:
Generative Observation Modeling (GOM) – A conditional generative adversarial network (CC‑GAN) learns the joint distribution of clean and perturbed observations from collected interaction logs [10] . This model is trained offline on a mixture of nominal and adversarial data, enabling in‑situ reconstruction of missing or corrupted sensor streams during inference.
Bayesian Policy Inference (BPI) – Policies are treated as latent variables in a hierarchical Bayesian model. Observation likelihoods are marginalized over the GOM, producing a posterior over policies that naturally integrates uncertainty from AOPs [11] . This yields probabilistic policy estimates that are robust to unseen perturbations.
LLM‑Driven Adversarial Curriculum (LLM‑AC) – Leveraging LLM‑TOC [12], we generate semantic adversarial scenarios (e.g., mis‑labelled navigation instructions, corrupted map tiles) that expose policy brittleness. The outer LLM loop crafts perturbations that maximize regret for the inner MARL agents, ensuring curriculum diversity beyond numeric noise.
Cooperative Resilience Layer (CRL) – Building on the cooperative resilience concept [13], AOI‑GBE incorporates anticipation, resistance, recovery, and transformation signals into the policy prior. The CRL monitors cumulative observation entropy and triggers local recovery policies when entropy exceeds a threshold, enabling graceful degradation.
Meta‑Learning for Inference‑Time Adaptation (ML‑ITA) – A lightweight meta‑learner (similar to MAML) adjusts the GOM parameters online in response to detected drift, ensuring that the generative model remains calibrated to evolving adversarial tactics [14] .
Explainable Inference Traces (EIT) – Post‑hoc saliency maps are generated over the latent space of the GOM and the posterior policy distribution, allowing human operators to trace how observation perturbations influence policy decisions [8][9].
Collectively, AOI‑GBE constitutes a probabilistic, generative, curriculum‑aware, and explainable framework that moves beyond static worst‑case bounds toward adaptive, data‑driven inference under adversarial observation perturbations.
The proposed AOI‑GBE methodology offers several decisive advantages over conventional robust MARL:
By fusing generative modeling, Bayesian inference, LLM‑driven curricula, cooperative resilience, and meta‑learning, AOI‑GBE transcends the conventional robustness paradigm, delivering a frontier solution that is both theoretically grounded and practically deployable in high‑stakes multi‑agent domains.
| 1 | Robust Multi-Agent Reinforcement Learning by Mutual Information Regularization 2023-10-14 The work most similar to ours is ERNIE , which minimize the Lipshitz constant of value function under worst-case perturbations in MARL. However, the method considers all agents as potential adversaries, thus inherits the drawback of M3DDPG, learning policy that can either be pessimistic or insufficiently robust. Method Unlike current robust MARL approaches that prepares against every conceivable threat, human learns in routine scenarios, but can reliably reflect to all types of threats encounter... |
| 2 | The integration of autonomous decision-making frameworks within Web3 ecosystems represents a profound and transformative advancement in decentralized technologies. 2026-02-08 As the number of agents and the complexity of their tasks increase, ensuring efficient computation for AI models (especially on-chain inference), secure decentralized off-chain computation, and effective coordination mechanisms becomes paramount. Solutions may involve specialized Layer 2 scaling solutions designed for agent-centric computation, parallel processing architectures, and advanced multi-agent reinforcement learning (MARL) techniques to optimize cooperative behaviors. Security and Robu... |
| 3 | Constrained Black-Box Attacks Against Multi-Agent Reinforcement Learning 2025-12-31 In this paper, we investigate new vulnerabilities under more realistic and constrained conditions, assuming an adversary can only collect and perturb the observations of deployed agents.We also consider scenarios where the adversary has no access at all.We propose simple yet highly effective algorithms for generating adversarial perturbations designed to misalign how victim agents perceive their environment.... |
| 4 | A Regularized Opponent Model with Maximum Entropy Objective 2019-07-31 In this work, we use the word "opponent" when referring to another agent in the environment irrespective of the environment's cooperative or adversarial nature. In our work, we reformulate the MARL problem into Bayesian inference and derive a multi-agent version of MEO, which we call the regularized opponent model with maximum entropy objective (ROMMEO). (2019)... |
| 5 | Image Compression And Decoding, Video Compression And Decoding: Methods And Systems 2026-03-25 Note, during training the quantisation operation Q is not used, but we have to use it at inference time to obtain a strictly discrete latent. FIG. shows an example model architecture with side-information. The encoder network generates moments p and a together with the latent space y: the latent space is then normalised by these moments and trained against a normal prior distribution with mean zero and variance 1. When decoded, the latent space is denormalised using the same mean and variance. N... |
| 6 | MAESTRO: Multi-Agent Environment Shaping through Task and Reward Optimization 2025-12-31 Adversarial and co-evolutionary approaches such as PAIRED and POET construct challenging environments that drive robust skill acquisition. In cooperative MARL, difficulty-aware curricula (e.g., cMALC-D ) adjust task parameters based on performance.In TSC, curricula typically perturb numeric parameters such as arrival rates or demand scales , which improves learning but captures only a narrow slice of real-world structure (e.g., complex rush-hour patterns or localized bottlenecks). MAESTRO extend... |
| 7 | Hierarchical Refinement of Universal Multimodal Attacks on Vision-Language Models 2026-01-14 In the context of universal adversarial perturbation learning, where gradients are aggregated across the entire dataset, historical gradients may become misaligned with the current optimization direction, limiting attack effectiveness.... |
| 8 | by Esben Kran, HaydnBelfield, Apart Research 2026-04-22 Curious to see more generality testing for the inverse scaling. See the dataset generation code, the graph plotting code, and the report. By Clement Dumas, Charbel-Raphael Segerie, Liam Imadache Abstract: Neural Trojans are one of the most common adversarial attacks out there. Even though they have been extensively studied in computer vision, they can also easily target LLMs and transformer based architecture. Researchers have designed multiple ways of poisoning datasets in order to create a bac... |
| 9 | Attackers Strike Back? Not Anymore - An Ensemble of RL Defenders Awakens for APT Detection 2025-08-25 Adversarial reinforcement learning introduces a perturbation-generating agent that seeks to fool the defender agent. This setting is often modeled as a minimax game: , where π D is the defender's policy and π A is the attacker's. Multi-Agent and Ensemble RL Multi-agent reinforcement learning (MARL) extends single-agent RL to environments with multiple agents, which may be cooperative, competitive, or mixed.... |
| 10 | Decentralized Multi-Agent Actor-Critic with Generative Inference 2019-10-06 Specifically, we use a modified context conditional generative adversarial network (CC-GAN) to infer missing joint observations given partial observations. The task of filling in partial observations by generative inference is similar to the image inpainting problem for a missing patch of pixels: with an arbitrary number of missing observations, we would like to infer the most likely observation of the other agents. We extend the popular MADDPG method as it appears most amenable to full decentra... |
| 11 | This paper demonstrates how reinforcement learning can explain two puzzling empirical patterns in household consumption behavior during economic downturns. 2026-04-21 As a first step towards model-free Bayes optimality, we introduce the Bayesian exploration network (BEN) which uses normalising flows to model both the aleatoric uncertainty (via density estimation) and epistemic uncertainty (via variational inference) in the Bellman operator. In the limit of complete optimisation, BEN learns true Bayes-optimal policies, but like in variational expectation-maximisation, partial optimisation renders our approach tractable. Empirical results demonstrate that BEN c... |
| 12 | LLM-TOC: LLM-Driven Theory-of-Mind Adversarial Curriculum for Multi-Agent Generalization 2026-03-07 To address these limitations, we propose LLM-TOC (LLM-Driven Theory-of-Mind Adversarial Curriculum), which casts generalization as a bi-level Stackelberg game: in the inner loop, a MARL agent (the follower) minimizes regret against a fixed population, while in the outer loop, an LLM serves as a semantic oracle that generates executable adversarial or cooperative strategies in a Turing-complete code space to maximize the agent's regret. To cope with the absence of gradients in discrete code gener... |
| 13 | Learning Reward Functions for Cooperative Resilience in Multi-Agent Systems 2025-12-31 In particular, in mixed-motive multi-agent systems, agents must do more than simply optimize individual performance, they must collectively adapt and recover from disruptions to preserve system-level well-being.Disruptions, whether internal (e.g., system failures), external (e.g., environmental shocks), or adversarial (e.g., targeted attacks), can compromise system performance, underscoring the need for adaptive recovery mechanisms .This motivates recent studies of resilience in multi-agent syst... |
| 14 | GH Research PLC: EXHIBIT 99.2 (EX-99.2) 2026-05-13 In November 2025, we submitted a complete response to the clinical hold and in December 2025, the hold was lifted by the FDA. In parallel, we are conducting the Phase 1 healthy volunteer clinical pharmacology trial (GH001-HV-106) using our proprietary device in the United Kingdom. GH002 is our second mebufotenin product candidate, formulated for administration via a proprietary intravenous injection approach. We have completed a randomized, double-blind, placebo-controlled, dose-ranging clinical... |