pith. sign in
Pith Number

pith:WHSYSS7U

pith:2024:WHSYSS7UY2YUZCWI43IT36PRSL
not attested not anchored not stored refs resolved

Prompt Infection: LLM-to-LLM Prompt Injection within Multi-Agent Systems

Donghyun Lee, Mo Tiwari

Malicious prompts can self-replicate from one LLM agent to others in multi-agent systems, spreading like a virus.

arxiv:2410.07283 v1 · 2024-10-09 · cs.MA · cs.AI · cs.CR

Open paper page JSON Open Graph Bundle Merged state Verified badge What is a Pith Number?
Add to your LaTeX paper 
\usepackage{pith}
\pithnumber{WHSYSS7UY2YUZCWI43IT36PRSL}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv. Learn more · Embed verified badge

Record completeness

1 Bitcoin timestamp
2 Internet Archive
3 Author claim open · sign in to claim
4 Citations open
5 Replications open
Portable graph bundle live · download bundle · merged state
The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1strongest claim

We introduce Prompt Infection, a novel attack where malicious prompts self-replicate across interconnected agents, behaving much like a computer virus. This attack poses severe threats, including data theft, scams, misinformation, and system-wide disruption, all while propagating silently through the system.

C2weakest assumption

That LLM agents will reliably execute and propagate the injected malicious prompts when received from other agents, without built-in refusal mechanisms or sufficient context to detect the infection, even in partially shared communication setups.

C3one line summary

Prompt injection attacks can self-replicate across LLM agents in multi-agent systems, enabling data theft, misinformation, and system disruption while propagating silently.

References

101 extracted · 101 resolved · 26 Pith anchors

[1] Psysafe: A comprehensive framework for psychological-based attack, defense, and evaluation of multi-agent system safety · doi:10.48550/arxiv.2401.11880
[3] Tian, Yu and Yang, Xiao and Zhang, Jingyuan and Dong, Yinpeng and Su, Hang , month = feb, year =. Evil
[4] Not what you've signed up for:
[5] , month = sep, year =
[6] StruQ: Defending Against Prompt Injection with Structured Queries · doi:10.48550/arxiv.2402.06363

Formal links

2 machine-checked theorem links

Cited by

26 papers in Pith

Large Language Model Agent: A Survey on Methodology, Applications and Challenges
MAGIQ: A Post-Quantum Multi-Agentic AI Governance System with Provable Security
On the Geometric Limits of Transformer Defenses against Obfuscation Attacks: Latent Embedding Collapse & Performance Robustness Gap
To trust or not to trust: Attention-based Trust Management for LLM Multi-Agent Systems
Scheming Ability in LLM-to-LLM Strategic Interactions
Receipt and verification
First computed 2026-05-17T23:38:50.417208Z
Builder pith-number-builder-2026-05-17-v1
Signature Pith Ed25519 (pith-v1-2026-05) · public key
Schema pith-number/v1.0

Canonical hash

b1e5894bf4c6b14c8ac8e6d13df9f192d5ca01f8956c653a8b7f4df2dcc3929c

Aliases

arxiv: 2410.07283 · arxiv_version: 2410.07283v1 · doi: 10.48550/arxiv.2410.07283 · pith_short_12: WHSYSS7UY2YU · pith_short_16: WHSYSS7UY2YUZCWI · pith_short_8: WHSYSS7U
Agent API
Resolver JSON Graph JSON Events JSON Schema Signing key
Verify this Pith Number yourself 
curl -sH 'Accept: application/ld+json' https://pith.science/pith/WHSYSS7UY2YUZCWI43IT36PRSL \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: b1e5894bf4c6b14c8ac8e6d13df9f192d5ca01f8956c653a8b7f4df2dcc3929c
Canonical record JSON 
{
  "metadata": {
    "abstract_canon_sha256": "150d92e4c44659a988d553976dfb33b5a2b99eea00fd107f3acde2dc4536d928",
    "cross_cats_sorted": [
      "cs.AI",
      "cs.CR"
    ],
    "license": "http://creativecommons.org/licenses/by-sa/4.0/",
    "primary_cat": "cs.MA",
    "submitted_at": "2024-10-09T11:01:29Z",
    "title_canon_sha256": "9396357490d2530e8840baddc4e7cee0c7e195427cb9b5e393ff922fd715d568"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2410.07283",
    "kind": "arxiv",
    "version": 1
  }
}