{"id":"https://openalex.org/W7139087235","doi":"https://doi.org/10.48550/arxiv.2603.15661","title":"DynaTrust: Defending Multi-Agent Systems Against Sleeper Agents via Dynamic Trust Graphs","display_name":"DynaTrust: Defending Multi-Agent Systems Against Sleeper Agents via Dynamic Trust Graphs","publication_year":2026,"publication_date":"2026-03-09","ids":{"openalex":"https://openalex.org/W7139087235","doi":"https://doi.org/10.48550/arxiv.2603.15661"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.15661","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.15661","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.15661","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5130106222","display_name":"Yu Li","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Li, Yu","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130001601","display_name":"Qiang Hu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hu, Qiang","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5130191474","display_name":"Yao Zhang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Yao","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5113199390","display_name":"Lili Quan","orcid":"https://orcid.org/0000-0002-2757-5627"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Quan, Lili","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058013874","display_name":"Jiongchi Yu","orcid":"https://orcid.org/0000-0002-2888-4499"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yu, Jiongchi","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5129816309","display_name":"Junjie Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Junjie","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5130106222"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.41449999809265137,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.41449999809265137,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11273","display_name":"Advanced Graph Neural Networks","score":0.1858000010251999,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.13169999420642853,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.8282999992370605},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5364999771118164},{"id":"https://openalex.org/keywords/usability","display_name":"Usability","score":0.5303999781608582},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.5048999786376953},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.501800000667572},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.4462999999523163}],"concepts":[{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.8282999992370605},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.798799991607666},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5364999771118164},{"id":"https://openalex.org/C170130773","wikidata":"https://www.wikidata.org/wiki/Q216378","display_name":"Usability","level":2,"score":0.5303999781608582},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.5048999786376953},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.501800000667572},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.47110000252723694},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.4462999999523163},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.4284000098705292},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.35420000553131104},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.3019999861717224},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.2962999939918518},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2906999886035919},{"id":"https://openalex.org/C2987255567","wikidata":"https://www.wikidata.org/wiki/Q33002955","display_name":"Knowledge graph","level":2,"score":0.28940001130104065},{"id":"https://openalex.org/C144745244","wikidata":"https://www.wikidata.org/wiki/Q4927286","display_name":"Blocking (statistics)","level":2,"score":0.2831999957561493},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.2705000042915344},{"id":"https://openalex.org/C175154964","wikidata":"https://www.wikidata.org/wiki/Q380077","display_name":"Task analysis","level":3,"score":0.26589998602867126},{"id":"https://openalex.org/C41550386","wikidata":"https://www.wikidata.org/wiki/Q529909","display_name":"Multi-agent system","level":2,"score":0.26190000772476196},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.2508000135421753}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.15661","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.15661","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.15661","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.15661","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.4697301983833313}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Large":[0],"Language":[1],"Model-based":[2],"Multi-Agent":[3],"Systems":[4],"(MAS)":[5],"have":[6],"demonstrated":[7],"remarkable":[8],"collaborative":[9],"reasoning":[10],"capabilities":[11],"but":[12],"introduce":[13],"new":[14],"attack":[15],"surfaces,":[16],"such":[17],"as":[18,92,100],"the":[19,113,124,137,149,155,176,182],"sleeper":[20,87],"agent,":[21],"which":[22],"behave":[23],"benignly":[24],"during":[25],"routine":[26],"operation":[27],"and":[28,97,123,143,168],"gradually":[29],"accumulate":[30],"trust,":[31],"only":[32],"revealing":[33],"malicious":[34],"behaviors":[35,122],"when":[36],"specific":[37],"conditions":[38],"or":[39,52,64],"triggers":[40],"are":[41],"met.":[42],"Existing":[43],"defense":[44,84,183],"works":[45],"primarily":[46],"focus":[47],"on":[48,119,162],"static":[49,108],"graph":[50,138,211],"optimization":[51],"hierarchical":[53],"data":[54],"management,":[55],"often":[56],"failing":[57],"to":[58,60,72,139,147],"adapt":[59],"evolving":[61,103],"adversarial":[62,193],"strategies":[63],"suffering":[65],"from":[66,166],"high":[67],"false-positive":[68],"rates":[69,189],"(FPR)":[70],"due":[71],"rigid":[73],"blocking":[74],"policies.":[75],"To":[76,153],"address":[77],"this,":[78],"we":[79,159],"propose":[80],"DynaTrust,":[81,158],"a":[82,93,101,107],"novel":[83],"method":[85,178],"against":[86],"agents.":[88,129],"DynaTrust":[89,134,174],"models":[90],"MAS":[91],"dynamic":[94],"trust":[95,99,114],"graph~(DTG),":[96],"treats":[98],"continuous,":[102],"process":[104],"rather":[105],"than":[106],"attribute.":[109],"It":[110],"dynamically":[111],"updates":[112],"of":[115,126,131,151,157],"each":[116],"agent":[117],"based":[118],"its":[120],"historical":[121],"confidence":[125],"selected":[127],"expert":[128],"Instead":[130],"simply":[132],"blocking,":[133],"autonomously":[135],"restructures":[136],"isolate":[140],"compromised":[141],"agents":[142],"restore":[144],"task":[145],"connectivity":[146],"ensure":[148],"usability":[150],"MAS.":[152],"assess":[154],"effectiveness":[156],"evaluate":[160],"it":[161,196],"mixed":[163],"benchmarks":[164],"derived":[165],"AdvBench":[167],"HumanEval.":[169],"The":[170],"results":[171],"demonstrate":[172],"that":[173],"outperforms":[175],"state-of-the-art":[177],"AgentShield":[179],"by":[180,186,202],"increasing":[181],"success":[184],"rate":[185],"41.7%,":[187],"achieving":[188],"exceeding":[190],"86%":[191],"under":[192],"conditions.":[194],"Furthermore,":[195],"effectively":[197],"balances":[198],"security":[199],"with":[200],"utility":[201],"significantly":[203],"reducing":[204],"FPR,":[205],"ensuring":[206],"uninterrupted":[207],"system":[208],"operations":[209],"through":[210],"adaptation.":[212]},"counts_by_year":[],"updated_date":"2026-03-20T20:54:20.808490","created_date":"2026-03-20T00:00:00"}