Seven Security Challenges That Must be Solved in Cross-domain Multi-agent LLM Systems
Ronny Ko, Jiseong Jeong, Shuyuan Zheng, Chuan Xiao, Tae-Wan Kim, Makoto Onizuka, Won-Yong Shin
TL;DR
Cross-domain multi-agent LLM systems enable cross-ownership collaboration but create security risks beyond single-agent setups. The paper enumerates seven security challenges, grouped into behavior-centric and data-centric categories, and proposes evaluation metrics and countermeasures. It emphasizes that conventional single-domain defenses are insufficient when agents cross organizational boundaries, and highlights the need for new cross-domain protections such as dynamic trust, provenance, and verifiable privacy. The work advocates a security-first approach and calls for cross-disciplinary collaboration and open benchmarks to ensure safe deployment of inter-domain LLM ecosystems.
Abstract
Large language models (LLMs) are rapidly evolving into autonomous agents that cooperate across organizational boundaries, enabling joint disaster response, supply-chain optimization, and other tasks that demand decentralized expertise without surrendering data ownership. Yet, cross-domain collaboration shatters the unified trust assumptions behind current alignment and containment techniques. An agent benign in isolation may, when receiving messages from an untrusted peer, leak secrets or violate policy, producing risks driven by emergent multi-agent dynamics rather than classical software bugs. This position paper maps the security agenda for cross-domain multi-agent LLM systems. We introduce seven categories of novel security challenges, for each of which we also present plausible attacks, security evaluation metrics, and future research guidelines.