{"id":"https://openalex.org/W7157124873","doi":"https://doi.org/10.48550/arxiv.2604.23459","title":"Architecture Matters for Multi-Agent Security","display_name":"Architecture Matters for Multi-Agent Security","publication_year":2026,"publication_date":"2026-04-25","ids":{"openalex":"https://openalex.org/W7157124873","doi":"https://doi.org/10.48550/arxiv.2604.23459"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.23459","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.23459","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.23459","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5066409021","display_name":"Ben Hagag","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hagag, Ben","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5023554745","display_name":"William L. Anderson","orcid":"https://orcid.org/0000-0003-3200-7947"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Anderson, William L.","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5112436473","display_name":"Christian Schroeder de Witt","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"de Witt, Christian Schroeder","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5038503962","display_name":"Sarah Scheffler","orcid":"https://orcid.org/0000-0003-1202-7502"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Scheffler, Sarah","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.23800000548362732,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.23800000548362732,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.2328999936580658,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.15230000019073486,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/visibility","display_name":"Visibility","score":0.6809999942779541},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.6050999760627747},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5972999930381775},{"id":"https://openalex.org/keywords/architecture","display_name":"Architecture","score":0.5871000289916992},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.5569999814033508},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.3984000086784363},{"id":"https://openalex.org/keywords/empirical-evidence","display_name":"Empirical evidence","score":0.3547999858856201},{"id":"https://openalex.org/keywords/production","display_name":"Production (economics)","score":0.31940001249313354}],"concepts":[{"id":"https://openalex.org/C123403432","wikidata":"https://www.wikidata.org/wiki/Q654068","display_name":"Visibility","level":2,"score":0.6809999942779541},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.621999979019165},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6111999750137329},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.6050999760627747},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5972999930381775},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.5871000289916992},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.5569999814033508},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.3984000086784363},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3889999985694885},{"id":"https://openalex.org/C166052673","wikidata":"https://www.wikidata.org/wiki/Q83021","display_name":"Empirical evidence","level":2,"score":0.3547999858856201},{"id":"https://openalex.org/C2778348673","wikidata":"https://www.wikidata.org/wiki/Q739302","display_name":"Production (economics)","level":2,"score":0.31940001249313354},{"id":"https://openalex.org/C2780741293","wikidata":"https://www.wikidata.org/wiki/Q4818019","display_name":"Attack patterns","level":3,"score":0.31839999556541443},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.2906000018119812},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.28299999237060547},{"id":"https://openalex.org/C98025372","wikidata":"https://www.wikidata.org/wiki/Q477538","display_name":"Systems architecture","level":3,"score":0.26499998569488525},{"id":"https://openalex.org/C31352089","wikidata":"https://www.wikidata.org/wiki/Q3750474","display_name":"Systems design","level":2,"score":0.2621000111103058},{"id":"https://openalex.org/C2984241579","wikidata":"https://www.wikidata.org/wiki/Q323611","display_name":"Architectural design","level":3,"score":0.25949999690055847},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.2542000114917755},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.2540999948978424}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.23459","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.23459","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.23459","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.23459","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Multi-agent":[0],"systems":[1],"(MAS),":[2],"composed":[3],"of":[4,6,61,159,189,198],"networks":[5],"two":[7],"or":[8,172],"more":[9,151],"autonomous":[10],"AI":[11],"agents,":[12],"have":[13,48],"become":[14],"increasingly":[15],"popular":[16],"in":[17,28,156],"production":[18],"deployments,":[19],"yet":[20],"introduce":[21],"security":[22,196],"risks":[23],"that":[24,47,91,147,177,192],"do":[25],"not":[26,49],"arise":[27],"single-agent":[29],"settings.":[30],"Even":[31],"if":[32],"individual":[33],"agents":[34,129,155],"exhibit":[35],"robust":[36],"security,":[37],"architectural":[38,85],"decisions":[39,65],"governing":[40],"their":[41],"coordination":[42],"can":[43],"create":[44],"attack":[45,73,102,162],"surfaces":[46],"been":[50],"systematically":[51],"characterized.":[52],"In":[53],"this":[54],"work,":[55],"we":[56,87],"present":[57],"an":[58],"empirical":[59],"study":[60,105],"how":[62,115,126],"MAS":[63],"design":[64,108,180],"shape":[66],"the":[67,136,157,187,195],"tradeoff":[68],"between":[69],"task":[70],"performance":[71],"and":[72,81,83,100,117,127,131,138,176],"resistance.":[74],"Across":[75],"three":[76,106],"agentic":[77],"environments":[78],"(browser,":[79],"desktop,":[80],"code)":[82],"13":[84],"configurations,":[86,160],"use":[88],"stagewise":[89],"evaluations":[90,191],"distinguish":[92],"planning":[93],"refusal,":[94],"execution-stage":[95],"interception,":[96],"partial":[97],"harmful":[98],"execution,":[99],"successful":[101],"completion":[103],"to":[104,142,168],"key":[107],"choices:":[109],"(i)":[110],"agent":[111],"roles,":[112],"which":[113,124,134],"determine":[114],"authority":[116],"responsibility":[118],"are":[119,150],"allocated;":[120],"(ii)":[121],"communication":[122],"topology,":[123],"shapes":[125],"when":[128],"interact;":[130],"(iii)":[132],"memory,":[133],"determines":[135],"context":[137],"state":[139],"visibility":[140],"accessible":[141],"each":[143],"agent.":[144,201],"We":[145],"find":[146],"multi-agent":[148],"architectures":[149],"vulnerable":[152],"than":[153],"standalone":[154],"majority":[158],"with":[161],"success":[163],"rates":[164],"varying":[165],"by":[166],"up":[167],"3.8x":[169],"at":[170],"comparable":[171],"higher":[173],"benign":[174],"accuracy,":[175],"no":[178],"single":[179,200],"is":[181],"universally":[182],"safer.":[183],"These":[184],"results":[185],"motivate":[186],"development":[188],"further":[190],"move":[193],"beyond":[194],"properties":[197],"a":[199]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-04-29T00:00:00"}