AgentShield: Make MAS more secure and efficient
Kaixiang Wang, Zhaojiacheng Zhou, Bunyod Suvonov, Jiong Lou, Jie LI
TL;DR
AgentShield tackles security challenges in LLM-based multi-agent systems by introducing a distributed auditing framework with three layers: Critical Node Auditing, Light Token Auditing, and Two-Round Consensus Auditing. It employs a coarse-to-fine cascade that prioritizes high-impact nodes, uses lightweight discriminative checks to cheaply filter benign outputs, and escalates hard cases to heavyweight arbiters to ensure global integrity. The approach is analyzed for security and efficiency and validated through extensive experiments across topologies and attack scenarios, achieving a 92.5% recovery rate and over 70% reduction in auditing overhead versus baselines, while remaining model-agnostic. The work demonstrates that combining topology-aware auditing with hierarchical consensus yields robust, scalable defenses for large-scale MAS without centralized bottlenecks.
Abstract
Large Language Model (LLM)-based Multi-Agent Systems (MAS) offer powerful cooperative reasoning but remain vulnerable to adversarial attacks, where compromised agents can undermine the system's overall performance. Existing defenses either depend on single trusted auditors, creating single points of failure, or sacrifice efficiency for robustness. To resolve this tension, we propose AgentShield, a distributed framework for efficient, decentralized auditing. AgentShield introduces a novel three-layer defense: (i) Critical Node Auditing prioritizes high-influence agents via topological analysis; (ii) Light Token Auditing implements a cascade protocol using lightweight sentry models for rapid discriminative verification; and (iii) Two-Round Consensus Auditing triggers heavyweight arbiters only upon uncertainty to ensure global agreement. This principled design optimizes the robustness-efficiency trade-off. Experiments demonstrate that AgentShield achieves a 92.5% recovery rate and reduces auditing overhead by over 70% compared to existing methods, maintaining high collaborative accuracy across diverse MAS topologies and adversarial scenarios.
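The three-layer cascade described in the abstract, as an added Python example that is not the paper's code. Out-degree as the influence metric, the 0.2/0.8 sentry thresholds, the 2/3 quorum with a fail-closed default, and all agent names, scores and arbiter stubs are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed topology: agent -> agents that consume its output.
EDGES = {"planner": ["coder", "tester", "writer"], "coder": ["tester"],
         "tester": ["writer"], "writer": []}
# Constructed sentry scores: estimated probability that an agent's output is malicious.
SCORES = {"planner": 0.05, "coder": 0.55, "tester": 0.90, "writer": 0.10}
# Constructed arbiter stubs: (agent, prior_round_votes) -> "accept" | "reject" | "unsure".
ARBITERS = [lambda agent, prior: "reject",
            lambda agent, prior: "reject" if prior else "unsure",
            lambda agent, prior: "accept"]

def critical_nodes(edges, k):
    """Layer 1 (assumed metric): keep the k agents with the highest out-degree."""
    return sorted(edges, key=lambda a: (-len(edges[a]), a))[:k]

def sentry_verdict(score, low=0.2, high=0.8):
    """Layer 2: confident scores are decided cheaply; the uncertain band escalates."""
    if score <= low:
        return "accept"
    if score >= high:
        return "reject"
    return "escalate"

def two_round_consensus(agent, arbiters):
    """Layer 3 (assumed rule): up to two voting rounds, 2/3 quorum, fail closed."""
    calls, prior = 0, []
    for _ in range(2):
        votes = [arbiter(agent, prior) for arbiter in arbiters]
        calls += len(votes)
        decisive = Counter(v for v in votes if v != "unsure").most_common(1)
        if decisive and 3 * decisive[0][1] >= 2 * len(votes):
            return decisive[0][0], calls
        prior = votes  # round 2 sees the round-1 votes
    return "reject", calls  # no quorum after two rounds: reject the output

def audit(edges, scores, arbiters, k):
    """Run the cascade; return per-agent decisions and heavyweight arbiter calls used."""
    decisions, heavy_calls = {}, 0
    for agent in critical_nodes(edges, k):
        verdict = sentry_verdict(scores[agent])
        if verdict == "escalate":
            verdict, calls = two_round_consensus(agent, arbiters)
            heavy_calls += calls
        decisions[agent] = verdict
    return decisions, heavy_calls

if __name__ == "__main__":
    print(audit(EDGES, SCORES, ARBITERS, k=3))
```

On this constructed input only one of the three audited agents reaches the arbiters, so the heavyweight cost is six arbiter calls rather than one full arbiter panel per agent.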
