Search papers, labs, and topics across Lattice.
This paper introduces SAIGuard, a proactive defense framework designed to enhance the security of LLM-based multi-agent systems (MAS) by simulating communication states within the interaction graph. By estimating the impact of incoming messages on both local and global states, SAIGuard identifies and sanitizes risky communications before they can propagate through the system, rather than merely isolating harmful agents post-attack. Experimental results demonstrate that SAIGuard significantly reduces attack success rates while preserving the collaborative utility of the MAS, outperforming traditional reactive defenses.
Proactive message sanitization in multi-agent systems can drastically reduce attack success rates while maintaining system performance.
LLM-based multi-agent systems (MAS) solve complex tasks through inter-agent collaboration, but their communication-driven nature also allows security risks to spread across agents and trigger system-wide failures. Existing MAS defenses mainly follow a reactive paradigm after execution by detecting and isolating harmful agents, which may cause irreversible damage and degrade collaborative utility. To address this, we propose a proactive defense framework for MAS security, namely a Simulation-aware Interception Guard (SAIGuard). SAIGuard performs communication-state simulation over the MAS interaction graph, estimates the impact of incoming messages on local agent states and the global MAS state, and detects risky messages via reconstruction deviations from benign communication patterns. Instead of isolating agents, SAIGuard sanitizes or regenerates suspicious messages before it propagation into system. Experiments across diverse topologies and attack scenarios show that SAIGuard reduces attack success rates while maintaining MAS utility, outperforming reactive defenses.