PropGuard: New Framework to Protect LLM Multi-Agent Systems from Malicious Instruction Propagation
A new security framework called PropGuard has been proposed to protect LLM-based multi-agent systems (LLM-MAS) from malicious instructions that can propagate across agents and rounds. The framework, detailed in a paper on arXiv (2605.16346), constructs a dual-view spatio-temporal graph that combines response-centric risk estimation with full-state evidence preservation. It uses a GE-GRPO-trained inspector to explore the full-state graph and recover compact suspicious propagation paths. Existing defenses rely on local filtering or graph-based anomaly detection, but they fail to trace fine-grained propagation or to remediate contaminated states without disrupting collaboration. PropGuard addresses these gaps by enabling propagation-aware exploration and remediation. On arXiv, the paper's announcement type is cross.
Key facts
- PropGuard is a propagation-aware framework for safeguarding LLM-MAS.
- It constructs a dual-view spatio-temporal graph.
- The framework uses a GE-GRPO-trained inspector.
- Existing defenses rely on local filtering or graph-based anomaly detection.
- PropGuard addresses fine-grained propagation tracing and state remediation.
- The paper is available on arXiv with ID 2605.16346.
- The announcement type is cross.
- LLM-MAS involve role specialization, tool use, memory, and collaborative reasoning.
Entities
Institutions
- arXiv