LLM-based agents are increasingly deployed in multi-agent systems (MAS). As these systems move toward real-world applications, their security becomes paramount. Existing research largely evaluates single-agent security, leaving a critical gap in understanding the vulnerabilities introduced by multi-agent design. However, existing systems fall short due to lack of unified frameworks and metrics focusing on unique rejection modes in MAS. We present SafeAgents, a unified and extensible framework for fine-grained security assessment of MAS. SafeAgents systematically exposes how design choices such as plan construction strategies, inter-agent context sharing, and fallback behaviors affect susceptibility to adversarial prompting. We introduce Dharma, a diagnostic measure that helps identify weak links within multi-agent pipelines. Using SafeAgents, we conduct a comprehensive study across five widely adopted multi-agent architectures (centralized, decentralized, and hybrid variants) on four datasets spanning web tasks, tool use, and code generation. Our findings reveal that common design patterns carry significant vulnerabilities. For example, centralized systems that delegate only atomic instructions to sub-agents obscure harmful objectives, reducing robustness. Our results highlight the need for security-aware design in MAS. Link to code is https://github.com/microsoft/SafeAgents

翻译：基于大语言模型（LLM）的智能体正越来越多地被部署于多智能体系统（MAS）中。随着这些系统向实际应用场景推进，其安全性变得至关重要。现有研究主要评估单智能体的安全性，在理解多智能体设计引入的脆弱性方面存在关键空白。然而，由于缺乏统一框架以及专注于MAS中独特拒绝模式的评估指标，现有系统存在不足。我们提出了SafeAgents，一个用于对MAS进行细粒度安全评估的统一且可扩展的框架。SafeAgents系统地揭示了诸如计划构建策略、智能体间上下文共享以及回退行为等设计选择如何影响系统对对抗性提示的易感性。我们引入了Dharma，一种有助于识别多智能体流程中薄弱环节的诊断性度量方法。利用SafeAgents，我们在涵盖网络任务、工具使用和代码生成的四个数据集上，对五种广泛采用的多智能体架构（集中式、分散式及其混合变体）进行了全面研究。我们的研究结果表明，常见的设计模式携带显著的脆弱性。例如，仅将原子指令委托给子智能体的集中式系统会掩盖有害目标，从而降低鲁棒性。我们的结果突显了在MAS中进行安全感知设计的必要性。代码链接为 https://github.com/microsoft/SafeAgents