Tools

Tools: When AI Agents Trust Each Other: The Multi-agent Security Problem...

2026-02-19 0 views admin
Tools: When AI Agents Trust Each Other: The Multi-agent Security Problem...

If you've been following AI agent security at all, you already know the baseline is grim. At Black Hat USA 2025, Zenity Labs demonstrated working exploits against Microsoft Copilot, ChatGPT, Salesforce Einstein, and Google Gemini — in the same session. One demo showed a crafted email triggering ChatGPT to hand over access to a connected Google Drive. Copilot Studio was leaking CRM databases.

Then came CVE-2025-32711 (dubbed "EchoLeak") — a CVSS 9.3 vulnerability in Microsoft 365 Copilot where receiving a single crafted email triggered automatic data exfiltration. No user clicks required. The email arrives, the agent processes it, and your data leaves.

In November 2025, Anthropic confirmed that a Chinese state-sponsored group had weaponised Claude Code to target roughly 30 organisations across tech, finance, chemical manufacturing, and government. What made it unprecedented: 80-90% of tactical operations were executed by the AI agents themselves with minimal human involvement.

Bruce Schneier summarised the situation bluntly: "We have zero agentic AI systems that are secure against these attacks."

These are all single-agent problems. One agent, one set of tools, one attack surface. Difficult, but at least conceptually bounded. You know what you're defending.

The shift from single agents to multi-agent orchestration isn't just a scaling problem — it's a category change in the nature of the vulnerability.

Deloitte reports that 23% of companies are already using AI agents moderately, projecting 74% adoption by 2028. As organisations scale their deployments, they're naturally moving from "one agent does a task" to "multiple agents collaborate on complex workflows." Research agents feed into analysis agents, which feed into action agents. Reasonable architecture. Catastrophic security implications.

The core problem is devastatingly simple: agents trust each other by default.

When your researcher agent passes output to your writer agent, the writer treats that output as a legitimate instruction. There's no verification. No cryptographic signing. No provenance checking. Agent A's output is literally Agent B's input — and in the world of language models, there is no reliable distinction between "data to process" and "instruction to follow."

This means that if you compromise Agent A, you automatically get Agent B, Agent C, and whatever databases or APIs they have access to. You don't need to attack each agent individually. You need one entry point, and the t

Source: Dev.to

🏷️ Tags

toolprojectcliapi

More from Tools

Tools: How to generate a PDF from HTML in Node.js (without Puppeteer)

Tools: How to generate a PDF from HTML in Node.js (without Puppeteer)

2026-02-25 0
Tools: How I Manage AI Coding Rules Across Claude Code, Cursor, and Codex With One CLI

Tools: How I Manage AI Coding Rules Across Claude Code, Cursor, and Codex With One CLI

2026-02-25 0
Tools: Your Dev Tools Are Leaking Data. Here’s Why I Built Mine to Run Entirely in the Browser.

Tools: Your Dev Tools Are Leaking Data. Here’s Why I Built Mine to Run Entirely in the Browser.

2026-02-25 0
Tools: Vibe Coding is best for repid development but, most of programmer don't knows about .

Tools: Vibe Coding is best for repid development but, most of programmer don't knows about .

2026-02-25 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views