Smarter Saboteurs, Better Fixers: Scaling & Security in Linear Multi-Agent Workflows
arXiv SecurityArchived Jun 12, 2026✓ Full text saved
arXiv:2606.12709v1 Announce Type: cross Abstract: As LLM-based multi-agent systems (MAS) are deployed in the wild, the resilience of their collaboration structures against adversarial compromise becomes a critical safety concern. Attackers may leverage prompt-injection or jailbreaking to sabotage individual agents within MAS workflows, but the interaction between model scaling and system-level resilience remains poorly understood. This paper investigates how model scale affects the security of l
Full text archived locally
✦ AI Summary· Claude Sonnet
Computer Science > Multiagent Systems
[Submitted on 10 Jun 2026]
Smarter Saboteurs, Better Fixers: Scaling & Security in Linear Multi-Agent Workflows
Timothy McAllister, Sina Abdidizaji, Ivan Garibay, Ozlem Ozmen Garibay
As LLM-based multi-agent systems (MAS) are deployed in the wild, the resilience of their collaboration structures against adversarial compromise becomes a critical safety concern. Attackers may leverage prompt-injection or jailbreaking to sabotage individual agents within MAS workflows, but the interaction between model scaling and system-level resilience remains poorly understood. This paper investigates how model scale affects the security of linear multi-agent workflows. Our experiments across scales of two open-weight model families on the HumanEval benchmark reveal a compliance-correction symmetry: larger models are far more likely to faithfully execute malicious instructions, with the control-to-malicious performance drop reaching 53.7pp at 27B in uncorrected pipelines. However, appending a lightweight terminal Fixer stage collapses this to 0.6pp and restores statistical parity with control-level performance, demonstrating that strictly linear collaboration structures can be viable and resilient to adversaries at this scale, and suggesting that the brittleness previously attributed to linear topology may stem from a lack of correction.
Comments: 16 pages (4 are main text), 2 figures, 6 tables. Accepted to the AIWILD Workshop at ICML 2026
Subjects: Multiagent Systems (cs.MA); Cryptography and Security (cs.CR); Machine Learning (cs.LG)
ACM classes: I.2.11; D.4.6
Cite as: arXiv:2606.12709 [cs.MA]
(or arXiv:2606.12709v1 [cs.MA] for this version)
https://doi.org/10.48550/arXiv.2606.12709
Focus to learn more
Submission history
From: Timothy McAllister [view email]
[v1] Wed, 10 Jun 2026 21:55:24 UTC (221 KB)
Access Paper:
HTML (experimental)
view license
Current browse context:
cs.MA
< prev | next >
new | recent | 2026-06
Change to browse by:
cs
cs.CR
cs.LG
References & Citations
NASA ADS
Google Scholar
Semantic Scholar
Export BibTeX Citation
Bookmark
Bibliographic Tools
Bibliographic and Citation Tools
Bibliographic Explorer Toggle
Bibliographic Explorer (What is the Explorer?)
Connected Papers Toggle
Connected Papers (What is Connected Papers?)
Litmaps Toggle
Litmaps (What is Litmaps?)
scite.ai Toggle
scite Smart Citations (What are Smart Citations?)
Code, Data, Media
Demos
Related Papers
About arXivLabs
Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)