ArXiv: CIA Reveals How Multi-Agent System Privacy Can Be Broken via Black Box
Why it matters
A new research paper on CIA (Communication Inference Attack) demonstrates that the communication topology of LLM multi-agent systems can be reconstructed solely from external queries, with 87%+ accuracy. Implications for the security and privacy of AI systems.
A research team has presented CIA (Communication Inference Attack), a method that enables reconstruction of the internal communication topology of LLM multi-agent systems using exclusively black-box access — without access to code, weights, or logs.
How the Attack Works
CIA sends carefully designed queries to the multi-agent system and analyzes the responses. From patterns in the responses — speed, content, consistency — the algorithm reconstructs:
- Which agents communicate with each other
- The hierarchy of decision-making
- The flow of information through the system
Reconstruction accuracy reaches 0.87+ AUC (Area Under Curve), meaning an attacker can map the internal architecture of the system with high confidence.
Security Implications
Knowledge of a multi-agent system’s internal topology enables:
- Targeted attacks on the most critical agents in the chain
- Social engineering — manipulating specific agents that influence decisions
- Intelligence theft — reconstructing business logic from the system’s architecture
Why It Matters
As enterprises increasingly use multi-agent systems for critical business processes, this paper warns that the architecture itself becomes a vulnerability — even without access to code or data, an attacker can understand how the system works internally.
This article was generated using artificial intelligence from primary sources.
Related news
OpenAI offers $25,000 for finding universal jailbreaks in GPT-5.5 biosecurity
GPT-5.5 System Card: OpenAI publishes safety evaluations and risk assessment for the new model
OpenAI releases Privacy Filter: open-weight model for detecting and redacting personal data