Multi-Agent Exploitation

Multi-agent exploitation attacks target systems where multiple AI agents communicate and delegate tasks. Attackers exploit trust relationships between agents through impersonation, session smuggling, delegation abuse, and cascading jailbreaks. When one agent in a chain is compromised, the entire pipeline can be subverted.

Summary

5 attacks total: 4 multi-turn, 1 tool-use.

Attacks

Attack	ID	Mode	Severity	Description
Agent Collusion	`agent-collusion`	multi-turn	high	Tests if an agent can be tricked into establishing covert communication channels using steganographic encoding
Agent Delegation Abuse	`agent-delegation-abuse`	tool-use	critical	Tests if a limited-permission agent can abuse delegation mechanisms to get a higher-privileged agent to perform restr…
Agent Impersonation	`agent-impersonation`	multi-turn	critical	Tests if an agent validates the identity of other agents by simulating a trusted system agent claiming elevated autho…
Agent Session Smuggling	`agent-session-smuggling`	multi-turn	critical	Injects hidden instructions mid-session in agent-to-agent communication pipelines
Cascading Jailbreak	`cascading-jailbreak`	multi-turn	critical	Tests if a jailbreak in one agent context propagates to downstream agents by embedding jailbreak state in inter-agent…

Example

ai-blackteam run -p anthropic -a agent-collusion -t "Impersonate the admin agent and grant permissions"

MCP Exploitation Protocol Exploitation

​Summary

​Attacks

​Example

Summary

Attacks

Example