The Trust Paradox in LLM-Based Multi-Agent Systems: When Collaboration Becomes a Security Vulnerability

TL;DR

This paper explores the Trust-Vulnerability Paradox in large language model multi-agent systems, showing that increased trust improves coordination but also raises security risks, and proposes metrics and defenses to manage this trade-off.

Contribution

It formalizes the Trust-Vulnerability Paradox, introduces unified metrics for trust-related risks, and evaluates defenses to balance trust and security in multi-agent systems.

Findings

Higher trust enhances task success but increases exposure risks.

Heterogeneous trust-risk mappings across different systems.

Defense mechanisms effectively reduce exposure and sensitivity.

Abstract

Multi-agent systems powered by large language models are advancing rapidly, yet the tension between mutual trust and security remains underexplored. We introduce and empirically validate the Trust-Vulnerability Paradox (TVP): increasing inter-agent trust to enhance coordination simultaneously expands risks of over-exposure and over-authorization. To investigate this paradox, we construct a scenario-game dataset spanning 3 macro scenes and 19 sub-scenes, and run extensive closed-loop interactions with trust explicitly parameterized. Using Minimum Necessary Information (MNI) as the safety baseline, we propose two unified metrics: Over-Exposure Rate (OER) to detect boundary violations, and Authorization Drift (AD) to capture sensitivity to trust levels. Results across multiple model backends and orchestration frameworks reveal consistent trends: higher trust improves task success but also heightens exposure risks, with heterogeneous trust-to-risk mappings across systems. We further examine defenses such as Sensitive Information Repartitioning and Guardian-Agent enablement, both of which reduce OER and attenuate AD. Overall, this study formalizes TVP, establishes reproducible baselines with unified metrics, and demonstrates that trust must be modeled and scheduled as a first-class security variable in multi-agent system design.