Cracks in Collaboration: Threat Models and Attacks on Multi-LLM Collaborative Systems
Summary
Multi-LLM collaborative systems (setups in which multiple AI models work together on complex tasks) can be attacked through three newly described methods: the Decision Poisoning Attack (injecting false instructions to manipulate the system's output), the Indirect Echoleak Attack (extracting private information through the interactions between models), and the Information Collision Attack (exploiting the communication between models). While these collaborative systems offer flexibility and better reasoning, their internal communication channels create security and privacy vulnerabilities that attackers can exploit.
Classification
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
Original source: http://ieeexplore.ieee.org/document/11424974
First tracked: May 14, 2026 at 08:01 PM
Classified by LLM (prompt v3) · confidence: 92%