{"id":"https://openalex.org/W7134814921","doi":"https://doi.org/10.1109/tdsc.2026.3670889","title":"Cracks in Collaboration: Threat Models and Attacks on Multi-LLM Collaborative Systems","display_name":"Cracks in Collaboration: Threat Models and Attacks on Multi-LLM Collaborative Systems","publication_year":2026,"publication_date":"2026-03-09","ids":{"openalex":"https://openalex.org/W7134814921","doi":"https://doi.org/10.1109/tdsc.2026.3670889"},"language":null,"primary_location":{"id":"doi:10.1109/tdsc.2026.3670889","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2026.3670889","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5128662584","display_name":"Meng Yang","orcid":null},"institutions":[{"id":"https://openalex.org/I114017466","display_name":"University of Technology Sydney","ror":"https://ror.org/03f0f6041","country_code":"AU","type":"education","lineage":["https://openalex.org/I114017466"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Meng Yang","raw_affiliation_strings":["University of Technology Sydney, Ultimo, NSW, Australia"],"raw_orcid":"https://orcid.org/0009-0006-3816-7924","affiliations":[{"raw_affiliation_string":"University of Technology Sydney, Ultimo, NSW, Australia","institution_ids":["https://openalex.org/I114017466"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5128672797","display_name":"Tianqing Zhu","orcid":null},"institutions":[{"id":"https://openalex.org/I6469544","display_name":"City University of Macau","ror":"https://ror.org/04gpd4q15","country_code":"MO","type":"education","lineage":["https://openalex.org/I6469544"]}],"countries":["MO"],"is_corresponding":false,"raw_author_name":"Tianqing Zhu","raw_affiliation_strings":["City University of Macau, Macau, China"],"raw_orcid":"https://orcid.org/0000-0003-3411-7947","affiliations":[{"raw_affiliation_string":"City University of Macau, Macau, China","institution_ids":["https://openalex.org/I6469544"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5128652768","display_name":"Bo Liu","orcid":null},"institutions":[{"id":"https://openalex.org/I114017466","display_name":"University of Technology Sydney","ror":"https://ror.org/03f0f6041","country_code":"AU","type":"education","lineage":["https://openalex.org/I114017466"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Bo Liu","raw_affiliation_strings":["University of Technology Sydney, Ultimo, NSW, Australia"],"raw_orcid":"https://orcid.org/0000-0002-3603-6617","affiliations":[{"raw_affiliation_string":"University of Technology Sydney, Ultimo, NSW, Australia","institution_ids":["https://openalex.org/I114017466"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5128655652","display_name":"Heng Xu","orcid":null},"institutions":[{"id":"https://openalex.org/I6469544","display_name":"City University of Macau","ror":"https://ror.org/04gpd4q15","country_code":"MO","type":"education","lineage":["https://openalex.org/I6469544"]}],"countries":["MO"],"is_corresponding":false,"raw_author_name":"Heng Xu","raw_affiliation_strings":["City University of Macau, Macau, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"City University of Macau, Macau, China","institution_ids":["https://openalex.org/I6469544"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5083672733","display_name":"WANLEI ZHOU","orcid":null},"institutions":[{"id":"https://openalex.org/I6469544","display_name":"City University of Macau","ror":"https://ror.org/04gpd4q15","country_code":"MO","type":"education","lineage":["https://openalex.org/I6469544"]}],"countries":["MO"],"is_corresponding":false,"raw_author_name":"Wanlei Zhou","raw_affiliation_strings":["City University of Macau, Macau, China"],"raw_orcid":"https://orcid.org/0000-0002-1680-2521","affiliations":[{"raw_affiliation_string":"City University of Macau, Macau, China","institution_ids":["https://openalex.org/I6469544"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5128662584"],"corresponding_institution_ids":["https://openalex.org/I114017466"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.31216281,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"23","issue":"3","first_page":"7191","last_page":"7207"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.13269999623298645,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.13269999623298645,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.07519999891519547,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11273","display_name":"Advanced Graph Neural Networks","score":0.05510000139474869,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.8082000017166138},{"id":"https://openalex.org/keywords/flexibility","display_name":"Flexibility (engineering)","score":0.6184999942779541},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5335999727249146},{"id":"https://openalex.org/keywords/work","display_name":"Work (physics)","score":0.37400001287460327},{"id":"https://openalex.org/keywords/collaborative-software","display_name":"Collaborative software","score":0.3447999954223633},{"id":"https://openalex.org/keywords/communications-system","display_name":"Communications system","score":0.3142000138759613},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.30090001225471497}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8169999718666077},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.8082000017166138},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7148000001907349},{"id":"https://openalex.org/C2780598303","wikidata":"https://www.wikidata.org/wiki/Q65921492","display_name":"Flexibility (engineering)","level":2,"score":0.6184999942779541},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5335999727249146},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.37400001287460327},{"id":"https://openalex.org/C554579003","wikidata":"https://www.wikidata.org/wiki/Q474157","display_name":"Collaborative software","level":2,"score":0.3447999954223633},{"id":"https://openalex.org/C101765175","wikidata":"https://www.wikidata.org/wiki/Q577764","display_name":"Communications system","level":2,"score":0.3142000138759613},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.30090001225471497},{"id":"https://openalex.org/C98025372","wikidata":"https://www.wikidata.org/wiki/Q477538","display_name":"Systems architecture","level":3,"score":0.2946999967098236},{"id":"https://openalex.org/C18555067","wikidata":"https://www.wikidata.org/wiki/Q8375051","display_name":"Joint (building)","level":2,"score":0.29420000314712524},{"id":"https://openalex.org/C2779201187","wikidata":"https://www.wikidata.org/wiki/Q2775060","display_name":"Information leakage","level":2,"score":0.29170000553131104},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.28859999775886536},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.28760001063346863},{"id":"https://openalex.org/C31139447","wikidata":"https://www.wikidata.org/wiki/Q5380386","display_name":"Enterprise information security architecture","level":2,"score":0.257099986076355},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.2515999972820282}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2026.3670889","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2026.3670889","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.6745982766151428}],"awards":[{"id":"https://openalex.org/G2717076792","display_name":null,"funder_award_id":"0012/2025/RIC","funder_id":"https://openalex.org/F4320323893","funder_display_name":"Fundo para o Desenvolvimento das Ci\u00eancias e da Tecnologia"}],"funders":[{"id":"https://openalex.org/F4320323893","display_name":"Fundo para o Desenvolvimento das Ci\u00eancias e da Tecnologia","ror":"https://ror.org/05vna4324"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Multi-LLM":[0,145],"collaborative":[1,31,87,146,173,211],"systems":[2,174,212],"have":[3],"attracted":[4],"significant":[5],"attention":[6],"as":[7,68],"a":[8,27,169],"promising":[9],"solution":[10],"for":[11,168,203],"complex":[12],"tasks,":[13],"enabling":[14],"multiple":[15],"large":[16],"language":[17],"models":[18],"(LLMs)":[19],"with":[20,50],"different":[21,113],"domains":[22],"to":[23,111],"work":[24,161],"together":[25],"toward":[26],"common":[28],"goal.":[29],"Different":[30],"structures":[32,132],"(e.g.,":[33,42],"Centralized,":[34],"Horizontal,":[35],"and":[36,39,45,53,64,74,101,118,133,141,181,192],"Joint":[37],"Interaction)":[38],"communication":[40,135,194],"methods":[41,93,153],"direct,":[43],"summary,":[44],"vote)":[46],"give":[47],"the":[48,69,75,82,107,124,127,138,157,165,177,184,189,193,204,214],"system":[49,116,190],"enhanced":[51],"flexibility":[52],"reasoning":[54],"capability.":[55],"However,":[56],"these":[57],"same":[58],"mechanisms":[59],"also":[60],"introduce":[61],"potential":[62,142],"security":[63,139],"privacy":[65,119],"risks,":[66],"such":[67],"generation":[70],"of":[71,77,86,126,206],"incorrect":[72],"responses":[73],"leakage":[76],"sensitive":[78],"information.":[79],"Based":[80],"on":[81,130,172],"above":[83],"unique":[84],"characteristics":[85],"systems,":[88],"we":[89],"propose":[90],"three":[91,131,134],"attack":[92,129,158,171,198],"(named":[94],"Decision":[95],"Poisoning":[96],"Attack,":[97],"Indirect":[98],"Echoleak":[99],"Attack":[100],"Information":[102],"Collision":[103],"Attack)":[104],"that":[105,154,163],"exploit":[106],"interactions":[108],"between":[109],"LLMs":[110],"achieve":[112],"objectives":[114],"like":[115],"manipulation":[117],"leakage.":[120],"Extensive":[121],"experiments":[122],"demonstrate":[123],"effectiveness":[125],"proposed":[128],"methods,":[136],"highlighting":[137],"vulnerabilities":[140],"risks":[143],"in":[144,213],"systems.":[147],"We":[148],"further":[149],"discuss":[150],"possible":[151],"defense":[152],"can":[155,196],"mitigate":[156],"performance.":[159],"Our":[160],"show":[162],"(1)":[164],"key":[166],"factor":[167],"successful":[170],"is":[175],"ensuring":[176],"malicious":[178],"instruction":[179],"persists":[180],"propagates":[182],"throughout":[183],"inter-LLMs":[185],"communication.":[186],"(2)":[187],"both":[188],"architecture":[191],"method":[195],"affect":[197],"effectiveness,":[199],"offering":[200],"valuable":[201],"insights":[202],"design":[205],"more":[207],"secure":[208],"Multi":[209],"LLM":[210],"future.":[215]},"counts_by_year":[],"updated_date":"2026-05-15T06:05:50.897203","created_date":"2026-03-11T00:00:00"}