{"id":"https://openalex.org/W7151606460","doi":"https://doi.org/10.1109/icmla66185.2025.00174","title":"Analyzing Code Injection Attacks on LLM-based Multi-Agent Systems in Software Development","display_name":"Analyzing Code Injection Attacks on LLM-based Multi-Agent Systems in Software Development","publication_year":2025,"publication_date":"2025-12-03","ids":{"openalex":"https://openalex.org/W7151606460","doi":"https://doi.org/10.1109/icmla66185.2025.00174"},"language":null,"primary_location":{"id":"doi:10.1109/icmla66185.2025.00174","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icmla66185.2025.00174","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 International Conference on Machine Learning and Applications (ICMLA)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5121585345","display_name":"Brian Bowers","orcid":null},"institutions":[{"id":"https://openalex.org/I35566140","display_name":"Loyola Marymount University","ror":"https://ror.org/00xhj8c72","country_code":"US","type":"education","lineage":["https://openalex.org/I35566140"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Brian Bowers","raw_affiliation_strings":["Loyola Marymount University,Department of Computer Science,Los Angeles,USA"],"affiliations":[{"raw_affiliation_string":"Loyola Marymount University,Department of Computer Science,Los Angeles,USA","institution_ids":["https://openalex.org/I35566140"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5119121273","display_name":"Smita Khapre","orcid":null},"institutions":[{"id":"https://openalex.org/I888729015","display_name":"University of Colorado Colorado Springs","ror":"https://ror.org/054spjc55","country_code":"US","type":"education","lineage":["https://openalex.org/I888729015"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Smita Khapre","raw_affiliation_strings":["University of Colorado Colorado Springs,Department of Computer Science,Colorado Springs,USA"],"affiliations":[{"raw_affiliation_string":"University of Colorado Colorado Springs,Department of Computer Science,Colorado Springs,USA","institution_ids":["https://openalex.org/I888729015"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5049180880","display_name":"Jugal Kalita","orcid":"https://orcid.org/0000-0002-8765-7018"},"institutions":[{"id":"https://openalex.org/I888729015","display_name":"University of Colorado Colorado Springs","ror":"https://ror.org/054spjc55","country_code":"US","type":"education","lineage":["https://openalex.org/I888729015"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jugal Kalita","raw_affiliation_strings":["University of Colorado Colorado Springs,Department of Computer Science,Colorado Springs,USA"],"affiliations":[{"raw_affiliation_string":"University of Colorado Colorado Springs,Department of Computer Science,Colorado Springs,USA","institution_ids":["https://openalex.org/I888729015"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5121585345"],"corresponding_institution_ids":["https://openalex.org/I35566140"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.87692024,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1131","last_page":"1136"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.27090001106262207,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.27090001106262207,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.14640000462532043,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.049800001084804535,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.47290000319480896},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.45669999718666077},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.41990000009536743},{"id":"https://openalex.org/keywords/software-system","display_name":"Software system","score":0.29989999532699585},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.2741999924182892}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6237000226974487},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.47290000319480896},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.45669999718666077},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.4316999912261963},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.41990000009536743},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.29989999532699585},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.2768000066280365},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.2741999924182892},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.27300000190734863},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2694999873638153},{"id":"https://openalex.org/C180152950","wikidata":"https://www.wikidata.org/wiki/Q2904257","display_name":"Software development process","level":4,"score":0.2660999894142151},{"id":"https://openalex.org/C2776542497","wikidata":"https://www.wikidata.org/wiki/Q5266672","display_name":"Development (topology)","level":2,"score":0.25769999623298645},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.25429999828338623}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icmla66185.2025.00174","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icmla66185.2025.00174","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 International Conference on Machine Learning and Applications (ICMLA)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5127366781234741,"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":12,"referenced_works":["https://openalex.org/W1989609831","https://openalex.org/W2546621204","https://openalex.org/W4244507950","https://openalex.org/W4391377904","https://openalex.org/W4393065402","https://openalex.org/W4399557965","https://openalex.org/W4402671883","https://openalex.org/W4409325865","https://openalex.org/W4412130522","https://openalex.org/W4412888620","https://openalex.org/W7125135101","https://openalex.org/W7133223293"],"related_works":[],"abstract_inverted_index":{"Agentic":[0],"AI":[1],"and":[2,10,91,102,116,129],"Multi-Agent":[3],"Systems":[4],"are":[5,79],"poised":[6],"to":[7,81,87,104,170,193],"dominate":[8],"industry":[9],"society":[11],"imminently.":[12],"Powered":[13],"by":[14,106,142,161],"goal-driven":[15],"autonomy,":[16],"they":[17,78],"represent":[18],"a":[19,26,44,59,144],"powerful":[20],"form":[21],"of":[22,43,51,93,113],"generative":[23],"AI,":[24],"marking":[25],"transition":[27],"from":[28,191],"reactive":[29],"content":[30],"generation":[31],"into":[32],"proactive":[33],"multitasking":[34],"capabilities.":[35],"As":[36],"an":[37,41],"exemplar,":[38],"we":[39,148],"propose":[40],"architecture":[42,121],"multi-agent":[45,114],"system":[46],"for":[47,63],"the":[48,52,64,96,111,119,127,150,164,182,187],"implementation":[49],"phase":[50],"software":[53],"engineering":[54],"process.":[55],"We":[56,67,139,159],"also":[57],"present":[58],"comprehensive":[60],"threat":[61],"model":[62],"proposed":[65],"system.":[66],"demonstrate":[68],"that":[69,118,141,163,176],"while":[70,154],"such":[71],"systems":[72,99,115],"can":[73,185],"generate":[74],"code":[75,84,172,184],"quite":[76],"accurately,":[77],"vulnerable":[80,169],"attacks,":[82,174],"including":[83],"injection.":[85],"Due":[86],"their":[88],"autonomous":[89],"design":[90],"lack":[92],"humans":[94],"in":[95,152,181],"loop,":[97],"these":[98],"cannot":[100],"identify":[101],"respond":[103],"attacks":[105],"themselves.":[107],"This":[108],"paper":[109],"analyzes":[110],"vulnerability":[112],"concludes":[117],"coder-reviewer-tester":[120],"is":[122,133,168],"more":[123],"resilient":[124],"than":[125],"both":[126],"coder":[128],"coder-tester":[130],"architectures,":[131],"but":[132],"less":[134],"efficient":[135],"at":[136],"writing":[137],"code.":[138],"find":[140],"adding":[143],"security":[145,165],"analysis":[146,166],"agent,":[147],"mitigate":[149],"loss":[151],"efficiency":[153],"achieving":[155],"even":[156],"better":[157],"resiliency.":[158],"conclude":[160],"demonstrating":[162],"agent":[167],"advanced":[171],"injection":[173],"showing":[175],"embedding":[177],"poisonous":[178],"few-shot":[179],"examples":[180],"injected":[183],"increase":[186],"attack":[188],"success":[189],"rate":[190],"0%":[192],"71.95%.":[194]},"counts_by_year":[],"updated_date":"2026-04-09T06:08:40.794217","created_date":"2026-04-08T00:00:00"}