CORBA: Contagious Recursive Blocking Attacks on Multi-Agent Systems Based on Large Language Models
Zhenhong Zhou, Zherui Li, Jie Zhang, Yuanhe Zhang, Kun Wang, Yang Liu, Qing Guo

TL;DR
This paper introduces Corba, a novel attack on LLM-based multi-agent systems that propagates and exhausts resources, revealing security vulnerabilities even in systems with safety measures.
Contribution
The paper presents Corba, a simple yet effective recursive blocking attack exploiting contagion and resource depletion in LLM-MASs, highlighting new security challenges.
Findings
Corba effectively disrupts interactions in LLM-MASs across various topologies.
Corba can deplete computational resources in complex multi-agent environments.
The attack is successful on both commercial and open-source LLM models.
Abstract
Large Language Model-based Multi-Agent Systems (LLM-MASs) have demonstrated remarkable real-world capabilities, effectively collaborating to complete complex tasks. While these systems are designed with safety mechanisms, such as rejecting harmful instructions through alignment, their security remains largely unexplored. This gap leaves LLM-MASs vulnerable to targeted disruptions. In this paper, we introduce Contagious Recursive Blocking Attacks (Corba), a novel and simple yet highly effective attack that disrupts interactions between agents within an LLM-MAS. Corba leverages two key properties: its contagious nature allows it to propagate across arbitrary network topologies, while its recursive property enables sustained depletion of computational resources. Notably, these blocking attacks often involve seemingly benign instructions, making them particularly challenging to mitigate…
Taxonomy
Topics: Network Security and Intrusion Detection
