CIA: Inferring the Communication Topology from LLM-based Multi-Agent Systems
arXiv:2604.12461v1
Abstract
LLM-based Multi-Agent Systems (MAS) have demonstrated remarkable capabilities in solving complex tasks. Central to MAS is the communication topology which governs how agents exchange information internally. Consequently, the security of communication topologies has attracted increasing attention. In this paper, we investigate a critical privacy risk: MAS communication topologies can be inferred under a restrictive black-box setting, exposing system vulnerabilities and posing significant intellectual property threats.
Introduction
In recent years, Multi-Agent Systems (MAS) powered by Large Language Models (LLMs) have shown potential in various applications, including automated customer support, collaborative problem-solving, and autonomous decision-making. However, as these systems become more prevalent, understanding their internal communication dynamics is crucial for ensuring their security and privacy.
Understanding Communication Topology
The communication topology of a MAS defines how agents interact and share information. This structure is vital for optimizing performance and ensuring efficient information flow. However, if adversaries can infer this topology, they may exploit it for malicious purposes, such as stealing sensitive information or manipulating agent interactions.
Communication Inference Attack (CIA)
To demonstrate the risk of topology inference, we propose the Communication Inference Attack (CIA). This novel approach constructs adversarial queries designed to extract reasoning outputs from intermediate agents. By modeling the semantic correlations among agents, CIA can effectively reveal the underlying communication structure.
Methodology
CIA employs two main techniques:
- Global Bias Disentanglement: This technique isolates the biases present in the agents’ reasoning outputs, allowing for a clearer understanding of how information flows between them.
- LLM-Guided Weak Supervision: By leveraging the capabilities of LLMs, this method enhances the accuracy of the inferred communication topologies through weakly supervised learning.
Experimental Results
We conducted extensive experiments on MAS with optimized communication topologies. The results demonstrated the effectiveness of the CIA, achieving an average Area Under the Curve (AUC) of 0.87 and a peak AUC of up to 0.99. These findings underscore the significant privacy risks associated with MAS and highlight the necessity for robust security measures.
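For an operator who knows their own topology, the AUC figure above can be reproduced as a leakage measurement. The sketch below is an added example, not code from the paper. It assumes AUC is computed over unordered agent pairs treated as edge / non-edge, and the topology and similarity scores are constructed sample values.

```python
from itertools import combinations

def pair_auc(scores, edges, n_agents):
    """ROC AUC of per-pair scores against true edges (rank-sum form, ties share a rank)."""
    edges = {tuple(sorted(e)) for e in edges}
    labelled = [(scores[p], p in edges) for p in combinations(range(n_agents), 2)]
    pos = sum(1 for _, is_edge in labelled if is_edge)
    neg = len(labelled) - pos
    if pos == 0 or neg == 0:
        raise ValueError("AUC undefined: need at least one edge and one non-edge")
    labelled.sort(key=lambda t: t[0])
    rank_sum_pos, i = 0.0, 0
    while i < len(labelled):
        j = i
        while j < len(labelled) and labelled[j][0] == labelled[i][0]:
            j += 1
        avg_rank = (i + 1 + j) / 2.0  # mean of ranks i+1 .. j for a tied group
        rank_sum_pos += avg_rank * sum(1 for k in range(i, j) if labelled[k][1])
        i = j
    u = rank_sum_pos - pos * (pos + 1) / 2.0  # Mann-Whitney U for the edge class
    return u / (pos * neg)

# Constructed sample: four agents in a chain 0-1-2-3 (known to the operator).
TRUE_EDGES = {(0, 1), (1, 2), (2, 3)}

# Constructed similarity between agents' observed outputs (higher = more alike).
LEAKY_SCORES = {(0, 1): 0.9, (0, 2): 0.5, (0, 3): 0.1,
                (1, 2): 0.8, (1, 3): 0.3, (2, 3): 0.4}

# Constructed case where outputs carry no pairwise signal (all scores tied).
FLAT_SCORES = {p: 0.5 for p in LEAKY_SCORES}

def audit():
    """Return (leaky AUC, flat AUC); 0.5 is chance level, 1.0 is full recovery."""
    return pair_auc(LEAKY_SCORES, TRUE_EDGES, 4), pair_auc(FLAT_SCORES, TRUE_EDGES, 4)

if __name__ == "__main__":
    leaky, flat = audit()
    print(f"leaky outputs AUC = {leaky:.3f}, flat outputs AUC = {flat:.3f}")
```

An AUC near 0.5 means pairwise output similarity tells an observer nothing about which agents are connected; values approaching 1.0 mean the topology is recoverable from outputs alone.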
Conclusion
The ability to infer communication topologies in LLM-based Multi-Agent Systems poses serious privacy and security threats. The Communication Inference Attack (CIA) provides a novel framework to explore these vulnerabilities, revealing critical insights into how information is exchanged within MAS. As the use of such systems expands, understanding and mitigating these risks will be essential for protecting sensitive data and intellectual property.
Future Work
Future research will focus on developing countermeasures to mitigate the risks posed by CIA and enhancing the resilience of communication topologies in MAS. Additionally, exploring the ethical implications of these systems will be vital for fostering trust and security in AI technologies.
