{"id":"https://openalex.org/W7117574946","doi":"https://doi.org/10.48550/arxiv.2512.21818","title":"Analyzing Code Injection Attacks on LLM-based Multi-Agent Systems in Software Development","display_name":"Analyzing Code Injection Attacks on LLM-based Multi-Agent Systems in Software Development","publication_year":2025,"publication_date":"2025-12-26","ids":{"openalex":"https://openalex.org/W7117574946","doi":"https://doi.org/10.48550/arxiv.2512.21818"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2512.21818","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.21818","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2512.21818","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5121585345","display_name":"Brian Bowers","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Bowers, Brian","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5121585543","display_name":"Smita Khapre","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Khapre, Smita","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5121594688","display_name":"Jugal Kalita","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Kalita, Jugal","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5121585345"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.42089998722076416,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.42089998722076416,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.24120000004768372,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.02850000001490116,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6195999979972839},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.5982000231742859},{"id":"https://openalex.org/keywords/code-generation","display_name":"Code generation","score":0.4546999931335449},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.421099990606308},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4172999858856201},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.4059000015258789},{"id":"https://openalex.org/keywords/static-program-analysis","display_name":"Static program analysis","score":0.3871999979019165},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.3718999922275543},{"id":"https://openalex.org/keywords/human-multitasking","display_name":"Human multitasking","score":0.3630000054836273}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.650600016117096},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6195999979972839},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.5982000231742859},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.5376999974250793},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5245000123977661},{"id":"https://openalex.org/C133162039","wikidata":"https://www.wikidata.org/wiki/Q1061077","display_name":"Code generation","level":3,"score":0.4546999931335449},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.421099990606308},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4172999858856201},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.4059000015258789},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.3871999979019165},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.3718999922275543},{"id":"https://openalex.org/C107418235","wikidata":"https://www.wikidata.org/wiki/Q1520565","display_name":"Human multitasking","level":2,"score":0.3630000054836273},{"id":"https://openalex.org/C105446022","wikidata":"https://www.wikidata.org/wiki/Q445962","display_name":"Legacy system","level":3,"score":0.3610999882221222},{"id":"https://openalex.org/C2775928411","wikidata":"https://www.wikidata.org/wiki/Q2041312","display_name":"Fault injection","level":3,"score":0.3513000011444092},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.34439998865127563},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.34209999442100525},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.30480000376701355},{"id":"https://openalex.org/C509989072","wikidata":"https://www.wikidata.org/wiki/Q15188241","display_name":"Model-driven architecture","level":4,"score":0.2989000082015991},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.29589998722076416},{"id":"https://openalex.org/C180152950","wikidata":"https://www.wikidata.org/wiki/Q2904257","display_name":"Software development process","level":4,"score":0.28610000014305115},{"id":"https://openalex.org/C120617098","wikidata":"https://www.wikidata.org/wiki/Q559486","display_name":"Systems development life cycle","level":5,"score":0.2770000100135803},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.274399995803833},{"id":"https://openalex.org/C35869016","wikidata":"https://www.wikidata.org/wiki/Q846636","display_name":"Software architecture","level":3,"score":0.27230000495910645},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.27230000495910645},{"id":"https://openalex.org/C85687889","wikidata":"https://www.wikidata.org/wiki/Q445962","display_name":"Legacy code","level":3,"score":0.271699994802475},{"id":"https://openalex.org/C98025372","wikidata":"https://www.wikidata.org/wiki/Q477538","display_name":"Systems architecture","level":3,"score":0.27129998803138733},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.2669000029563904},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.26600000262260437},{"id":"https://openalex.org/C31139447","wikidata":"https://www.wikidata.org/wiki/Q5380386","display_name":"Enterprise information security architecture","level":2,"score":0.25220000743865967}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2512.21818","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.21818","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2512.21818","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.21818","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","score":0.4249216914176941,"id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Agentic":[0],"AI":[1],"and":[2,10,91,102,116,129],"Multi-Agent":[3],"Systems":[4],"are":[5,79],"poised":[6],"to":[7,81,87,104,170,193],"dominate":[8],"industry":[9],"society":[11],"imminently.":[12],"Powered":[13],"by":[14,106,142,161],"goal-driven":[15],"autonomy,":[16],"they":[17,78],"represent":[18],"a":[19,26,44,59,144],"powerful":[20],"form":[21],"of":[22,43,51,93,113],"generative":[23],"AI,":[24],"marking":[25],"transition":[27],"from":[28,191],"reactive":[29],"content":[30],"generation":[31],"into":[32],"proactive":[33],"multitasking":[34],"capabilities.":[35],"As":[36],"an":[37,41],"exemplar,":[38],"we":[39,148],"propose":[40],"architecture":[42,121],"multi-agent":[45,114],"system":[46],"for":[47,63],"the":[48,52,64,96,111,119,127,150,164,182,187],"implementation":[49],"phase":[50],"software":[53],"engineering":[54],"process.":[55],"We":[56,67,139,159],"also":[57],"present":[58],"comprehensive":[60],"threat":[61],"model":[62],"proposed":[65],"system.":[66],"demonstrate":[68],"that":[69,118,141,163,176],"while":[70,154],"such":[71],"systems":[72,99,115],"can":[73,185],"generate":[74],"code":[75,84,172,184],"quite":[76],"accurately,":[77],"vulnerable":[80,169],"attacks,":[82,174],"including":[83],"injection.":[85],"Due":[86],"their":[88],"autonomous":[89],"design":[90],"lack":[92],"humans":[94],"in":[95,152,181],"loop,":[97],"these":[98],"cannot":[100],"identify":[101],"respond":[103],"attacks":[105],"themselves.":[107],"This":[108],"paper":[109],"analyzes":[110],"vulnerability":[112],"concludes":[117],"coder-reviewer-tester":[120],"is":[122,133,168],"more":[123],"resilient":[124],"than":[125],"both":[126],"coder":[128],"coder-tester":[130],"architectures,":[131],"but":[132],"less":[134],"efficient":[135],"at":[136],"writing":[137],"code.":[138],"find":[140],"adding":[143],"security":[145,165],"analysis":[146,166],"agent,":[147],"mitigate":[149],"loss":[151],"efficiency":[153],"achieving":[155],"even":[156],"better":[157],"resiliency.":[158],"conclude":[160],"demonstrating":[162],"agent":[167],"advanced":[171],"injection":[173],"showing":[175],"embedding":[177],"poisonous":[178],"few-shot":[179],"examples":[180],"injected":[183],"increase":[186],"attack":[188],"success":[189],"rate":[190],"0%":[192],"71.95%.":[194]},"counts_by_year":[],"updated_date":"2025-12-30T23:12:23.022851","created_date":"2025-12-30T00:00:00"}