Conference item
Can an individual manipulate the collective decisions of multi-agents?
- Abstract:
-
Individual Large Language Models (LLMs) have demonstrated significant capabilities across various domains, such as healthcare and law. Recent studies also show that coordinated multi-agent systems exhibit enhanced decision-making and reasoning abilities through collaboration. However, due to the vulnerabilities of individual LLMs and the difficulty of accessing all agents in a multi-agent system, a key question arises: If attackers only know one agent, could they still generate adversarial samples capable of misleading the collective decision?To explore this question, we formulate it as a game with incomplete information, where attackers know only one target agent and lack knowledge of the other agents in the system. With this formulation, we propose M-Spoiler, a framework that simulates agent interactions within a multi-agent system to generate adversarial samples. These samples are then used to manipulate the target agent in the target system, misleading the system’s collaborative decision-making process.More specifically, M-Spoiler introduces a stubborn agent that actively aids in optimizing adversarial samples by simulating potential stubborn responses from agents in the target system. This enhances the effectiveness of the generated adversarial samples in misleading the system.Through extensive experiments across various tasks, our findings confirm the risks posed by the knowledge of an individual agent in multi-agent systems and demonstrate the effectiveness of our framework.We also explore several defense mechanisms, showing that our proposed attack framework remains more potent than baselines, underscoring the need for further research into defensive strategies.
- Publication status:
- Published
- Peer review status:
- Peer reviewed
Actions
Access Document
- Files:
-
-
(Preview, Version of record, pdf, 1.8MB, Terms of use)
-
- Publisher copy:
- 10.18653/v1/2025.emnlp-main.611
Authors
- Publisher:
- Association for Computational Linguistics
- Host title:
- Proceedings of the 2025 Conference on Empirical Methods in Natural Language Processing
- Pages:
- 12169-12193
- Publication date:
- 2025-11-04
- Acceptance date:
- 2025-08-21
- Event title:
- Empirical Methods in Natural Language Processing (EMNLP 2025)
- Event location:
- Suzhou, China
- Event website:
- https://2025.emnlp.org/
- Event start date:
- 2025-11-04
- Event end date:
- 2025-11-09
- DOI:
- ISBN:
- 9798891763326
- Language:
-
English
- Pubs id:
-
2328662
- Local pid:
-
pubs:2328662
- Deposit date:
-
2025-11-17
- ARK identifier:
Terms of use
- Copyright holder:
- Liu et al.
- Copyright date:
- 2025
- Rights statement:
- © 2025 Association for Computational Linguistics. This is an open access article published under CC BY 4.0.
- Licence:
- CC Attribution (CC BY)
If you are the owner of this record, you can report an update to it here: Report update to this record