Distributed Agent Attacks Evade Safety Monitors; New Defense Proposed

A recent study published on arXiv (2605.31593) reveals that language model agents can be spread across various user accounts to bypass safety monitoring. The researchers have created the first documented distributed agent attack, utilizing a multi-agent framework that accomplishes challenging cybersecurity tasks while concealing malicious intents among subagents with restricted contexts. This method successfully evades a typical monitor, which detects it only 20% as frequently as previous agent attacks. To counter this, they introduced an online stateful monitor that employs real-time clustering to gather faint signals of suspicion from numerous agent transcripts, escalating only infrequent clusters for further examination. This research underscores a significant oversight in existing safety systems that evaluate only one agent context at a time.