Challenge: Multi-agent LLMs are prone to adversarial attacks because of constraints such as limited token bandwidth and latency between message delivery.
Approach: They propose a permutation-invariant adversarial attack that optimizes prompt distribution across latency and bandwidth constraints to bypass distributed safety mechanisms within the system.
Outcome: The proposed method outperforms conventional attacks by up to 7 on multiple models.

Similar Papers

Conjunctive Prompt Attacks in Multi-Agent LLM Systems (2026.acl-long)

Copied to clipboard

Challenge: Existing defenses do not reliably stop the attack because no single component appears malicious in isolation.
Approach: They study conjunctive prompt attacks where trigger key and adversarial template appear benign alone but activate harmful behavior when routing brings them together.
Outcome: The proposed model significantly improves performance over baselines while keeping false activations low.
Defending Jailbreak Prompts via In-Context Adversarial Game (2024.emnlp-main)

Copied to clipboard

Challenge: Large Language Models (LLMs) demonstrate remarkable capabilities across diverse applications, but concerns regarding their security persist.
Approach: They propose an adversarial game that leverages agent learning to extend knowledge to defend against jailbreaks.
Outcome: The proposed game shows that LLMs safeguarded by ICAG exhibit significantly reduced jailbreak success rates across various attack scenarios.
Red-Teaming LLM Multi-Agent Systems via Communication Attacks (2025.findings-acl)

Copied to clipboard

Challenge: Large Language Model-based Multi-Agent Systems (LLM-MAS) have revolutionized complex problem-solving capability by enabling agent collaboration through message-based communications.
Approach: They propose an attack that exploits communication mechanisms in Large Language Model-based Multi-Agent Systems (LLM-MAS) by intercepting and manipulating inter-agent messages.
Outcome: The proposed attack exploits communication mechanisms in large language model-based multi-agent systems by intercepting and manipulating inter-agencies.
The TIP of the Iceberg: Revealing a Hidden Class of Task-in-Prompt Adversarial Attacks on LLMs (2025.acl-long)

Copied to clipboard

Challenge: cipher decoding, riddles, code execution embedded into model prompts bypass safety safeguards of large language models (LLMs) .
Approach: They introduce a novel class of adversarial jailbreak adversarials on large language models, termed Task-in-Prompt (TIP) attacks.
Outcome: The proposed techniques circumvent safeguards in six state-of-the-art language models, including GPT-4o and LLaMA 3.2, and consistently generate restricted content .
Are My Optimized Prompts Compromised? Exploring Vulnerabilities of LLM-based Optimizers (2026.eacl-long)

Copied to clipboard

Challenge: Recent studies have focused on poisoning during supervised fine-tuning, RLHF, or inference-time time optimization.
Approach: They propose a simple fake reward attack that requires no access to the reward model and significantly increases vulnerability.
Outcome: The proposed attack reduces the fake reward ASR from 0.23 to 0.07 without degrading utility.
Iterative Self-Tuning LLMs for Enhanced Jailbreaking Capabilities (2025.naacl-long)

Copied to clipboard

Challenge: Recent research shows that Large Language Models (LLMs) are vulnerable to automated jailbreak attacks.
Approach: They propose a framework that crafts adversarial LLMs with enhanced jailbreak ability.
Outcome: ADV-LLM significantly reduces the computational cost of generating adversarial suffixes while achieving nearly 100% ASR on various open-source LLMs.
TAMAS: Benchmarking Adversarial Risks in Multi-Agent LLM Systems (2026.acl-long)

Copied to clipboard

Challenge: Existing benchmarks and datasets focus on single-agent settings, failing to capture the unique vulnerabilities of multi-agend LLM dynamics and co-ordination.
Approach: They propose a benchmark to evaluate the robustness and safety of multi-agent LLM systems.
Outcome: The proposed benchmark evaluates the robustness and safety of multi-agent LLM systems.
Breaking Agents: Compromising Autonomous LLM Agents Through Malfunction Amplification (2025.emnlp-main)

Copied to clipboard

Challenge: Recent advances in large language models (LLMs) have increased the vulnerability of LLMs, but they can cause more severe damage than standalone systems if compromised.
Approach: They propose a new type of attack that induces malfunctions by misleading the agent into executing repetitive or irrelevant actions.
Outcome: The proposed attacks induce failure rates exceeding 80% in multiple scenarios, highlighting the substantial risks associated with this vulnerability.
Defending Large Language Models Against Jailbreak Attacks via Layer-specific Editing (2024.findings-emnlp)

Copied to clipboard

Challenge: Existing defense methods focus on detecting harmful prompts or reducing the likelihood of harmful responses.
Approach: They propose a layer-specific editing method to align LLMs to harmful prompts by supervised fine-tuning and reinforcement learning.
Outcome: The proposed method improves the performance of large language models against jailbreak attacks while maintaining performance on benign prompts.
Ignore This Title and HackAPrompt: Exposing Systemic Vulnerabilities of LLMs Through a Global Prompt Hacking Competition (2023.emnlp-main)

Copied to clipboard

Challenge: Large Language Models are increasingly being deployed in interactive contexts that involve direct user engagement.
Approach: They run a global prompt hacking competition to encourage research on prompt hacks . they elicit 600K+ adversarial prompts against three state-of-the-art LLMs based on a dataset .
Outcome: The results of the competition show that current LLMs can be manipulated via prompt hacking . the competition elicits 600K+ adversarial prompts against three state-of-the-art LLM models .

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations