ArXiv: CIA Reveals How Multi-Agent System Privacy Can Be Broken via Black-Box Access
A new research paper on CIA (Communication Inference Attack) demonstrates that the communication topology of LLM multi-agent systems can be reconstructed solely from external queries, with 87%+ accuracy. The result has implications for the security and privacy of AI systems.
This article was generated using artificial intelligence from primary sources.
A research team has presented CIA (Communication Inference Attack), a method that enables reconstruction of the internal communication topology of LLM multi-agent systems using exclusively black-box access — without access to code, weights, or logs.
How the Attack Works
CIA sends carefully designed queries to the multi-agent system and analyzes the responses. From patterns in the responses — speed, content, consistency — the algorithm reconstructs:
- Which agents communicate with each other
- The hierarchy of decision-making
- The flow of information through the system
Reconstruction accuracy reaches 0.87+ AUC (Area Under Curve), meaning an attacker can map the internal architecture of the system with high confidence.
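To make the AUC figure concrete, the following added example (not code from the paper or from this article) scores a set of inferred link scores against a known topology, the way a defender might grade a leakage test run against their own deployment. It assumes AUC means ROC AUC over directed agent pairs; the agent names, links and scores are constructed for illustration.

```python
from itertools import permutations

# Constructed sample data (assumptions, not from the paper): four agents,
# the true directed message links, and a score per candidate link such as a
# topology-inference test against your own deployment might produce.
AGENTS = ["planner", "retriever", "coder", "reviewer"]
TRUE_EDGES = {("planner", "retriever"), ("planner", "coder"),
              ("retriever", "coder"), ("coder", "reviewer")}
SCORES = {
    ("planner", "retriever"): 0.9, ("planner", "coder"): 0.8,
    ("coder", "reviewer"): 0.7, ("retriever", "coder"): 0.4,
    ("retriever", "planner"): 0.6, ("reviewer", "coder"): 0.5,
    ("planner", "reviewer"): 0.4, ("coder", "planner"): 0.3,
}  # pairs not listed are scored 0.0


def per_edge_exposure(agents, true_edges, scores):
    """For each real link, the fraction of non-links it outranks (ties = 0.5)."""
    pairs = list(permutations(agents, 2))
    non_edges = [scores.get(p, 0.0) for p in pairs if p not in true_edges]
    if not true_edges or not non_edges:
        raise ValueError("need at least one link and one non-link")
    exposure = {}
    for edge in true_edges:
        s = scores.get(edge, 0.0)
        wins = sum(1.0 if s > t else 0.5 if s == t else 0.0 for t in non_edges)
        exposure[edge] = wins / len(non_edges)
    return exposure


def edge_auc(agents, true_edges, scores):
    """ROC AUC over all ordered agent pairs = mean per-link exposure."""
    exposure = per_edge_exposure(agents, true_edges, scores)
    return sum(exposure.values()) / len(exposure)


if __name__ == "__main__":
    print(f"AUC = {edge_auc(AGENTS, TRUE_EDGES, SCORES):.3f}")
    for edge, frac in sorted(per_edge_exposure(AGENTS, TRUE_EDGES, SCORES).items()):
        print(edge, frac)
```

An AUC of 0.5 means the scores separate real links from non-links no better than chance; the per-link values show which individual connections are most clearly exposed.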
Security Implications
Knowledge of a multi-agent system’s internal topology enables:
- Targeted attacks on the most critical agents in the chain
- Social engineering — manipulating specific agents that influence decisions
- Intelligence theft — reconstructing business logic from the system’s architecture
Why It Matters
As enterprises increasingly use multi-agent systems for critical business processes, this paper warns that the architecture itself becomes a vulnerability — even without access to code or data, an attacker can understand how the system works internally.