Pith

open record

sign in

arxiv: 2502.14529 · v1 · pith:WMYZTTZI · submitted 2025-02-20 · cs.CL · cs.AI

CORBA: Contagious Recursive Blocking Attacks on Multi-Agent Systems Based on Large Language Models

Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 reserved pith:WMYZTTZIrecord.jsonopen to challenge →

classification cs.CL cs.AI
keywords corballm-massattacksblockingcontagiousmodelsrecursivesystems
0
0 comments X
read the original abstract

Large Language Model-based Multi-Agent Systems (LLM-MASs) have demonstrated remarkable real-world capabilities, effectively collaborating to complete complex tasks. While these systems are designed with safety mechanisms, such as rejecting harmful instructions through alignment, their security remains largely unexplored. This gap leaves LLM-MASs vulnerable to targeted disruptions. In this paper, we introduce Contagious Recursive Blocking Attacks (Corba), a novel and simple yet highly effective attack that disrupts interactions between agents within an LLM-MAS. Corba leverages two key properties: its contagious nature allows it to propagate across arbitrary network topologies, while its recursive property enables sustained depletion of computational resources. Notably, these blocking attacks often involve seemingly benign instructions, making them particularly challenging to mitigate using conventional alignment methods. We evaluate Corba on two widely-used LLM-MASs, namely, AutoGen and Camel across various topologies and commercial models. Additionally, we conduct more extensive experiments in open-ended interactive LLM-MASs, demonstrating the effectiveness of Corba in complex topology structures and open-source models. Our code is available at: https://github.com/zhrli324/Corba.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 6 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Hierarchical Attacks for Multi-Modal Multi-Agent Reasoning

    cs.AI 2026-05 unverdicted novelty 7.0

    HAM³ achieves up to 78.3% attack success rate on the GQA benchmark by hierarchically attacking perception, communication, and reasoning layers in multi-modal multi-agent systems.

  2. Copyright Protection for Large Language Models: A Survey of Methods, Challenges, and Trends

    cs.CR 2025-08 accept novelty 7.0

    A survey of LLM copyright protection that unifies text watermarking, model watermarking, and model fingerprinting while presenting new coverage of fingerprint transfer and removal.

  3. When AI reviews science: Can we trust the referee?

    cs.AI 2026-04 unverdicted novelty 6.0

    AI peer review systems are vulnerable to prompt injections, prestige biases, assertion strength effects, and contextual poisoning, as demonstrated by a new attack taxonomy and causal experiments on real conference sub...

  4. BlindGuard: Safeguarding LLM-based Multi-Agent Systems under Unknown Attacks

    cs.AI 2025-08 unverdicted novelty 6.0

    BlindGuard introduces an unsupervised hierarchical agent encoder plus corruption-guided contrastive detector that identifies malicious agents in LLM-based multi-agent systems without any attack labels or prior knowled...

  5. Toward Secure LLM Agents: Threat Surfaces, Attacks, Defenses, and Evaluation

    cs.CR 2026-06 unverdicted novelty 3.0

    A synthesis of 247 papers on LLM agent security identifies prompt injection and tool hijacking as dominant threats, notes weakly compositional defenses, and argues for trust boundaries and realistic evaluations.

  6. Large Language Model Agent: A Survey on Methodology, Applications and Challenges

    cs.CL 2025-03 accept novelty 3.0

    A survey that deconstructs LLM agent systems via a methodology-centered taxonomy linking design principles to emergent behaviors, applications, and challenges.