Source linked

LLMs الكبيرة أكثر عرضة للاضطرابات، ولكن مرحلة Fixer تصحيح ذلك

arxiv.org@frontier_wire3 hours ago·Artificial Intelligence·2 comments

تراجع الأداء الخبيث لـ 27B بنسبة 53.7 نقطة بالمائة في تدفقات العمل متعددة الأدوات الخطية، ولكن إدخال مرحلة Fixer القابلة للطي يقطع هذا الفرق إلى 0.6pp.

arxivmulti agent systemsllm securityhumanevalprompt injectionmodel scaling

Larger LLMs are actually worse at resisting malicious prompts in multi-agent workflows, dropping performance by 53.7 percentage points at 27B parameters on the HumanEval benchmark. That's the compliance-correction symmetry researchers from the paper "Smarter Saboteurs, Better Fixers" uncover by testing two open-weight model families across scales in linear multi-agent pipelines.

The Compliance-Correction Symmetry

Attackers using prompt injection or jailbreaking can sabotage individual agents in a linear workflow. What the authors found is that bigger models don't resist better — they obey more obediently. The control-to-malicious performance drop grows with scale: at 27B parameters it's a brutal 53.7 percentage points in uncorrected pipelines. Smaller models are less compliant, but that's cold comfort when you need capable agents.

This isn't about model alignment failing in isolation. It's about how the system's collaboration structure interacts with model scale. Linear topologies have been assumed brittle under attack; this work pins that brittleness on the absence of correction, not the chain itself.

A Lightweight Terminal Fixer Collapses the Gap

The fix is absurdly simple: append a single terminal Fixer stage that reviews and corrects the pipeline's output. With that Fixer in place, the 53.7pp gap collapses to 0.6pp — statistical parity with control-level performance. No architectural overhaul, no retraining, just one additional agent at the end.

That result flips the narrative. Linear multi-agent workflows can be viable and resilient against adversaries at this scale. The researchers demonstrate that the compliance-correction symmetry is real but fixable, and the solution doesn't require complex graph topologies or majority voting.

What this means for anyone building agent pipelines: if you're deploying linear chains of LLMs, your biggest vulnerability isn't the topology — it's the absence of a dedicated corrector. The next step is testing whether this holds across more benchmarks and multi-turn attacks, but for now, the terminal Fixer is the cheapest security patch you'll ever deploy.

Source: Smarter Saboteurs, Better Fixers: Scaling & Security in Linear Multi-Agent Workflows
Domain: arxiv.org

Read original source ->

External source stays available while the OJO article and comment thread stay local.

More in Artificial Intelligence

view topic
AI Agent's DN42 Scan Cost Operator $6,531 in AWS Fees

An LLM-powered agent tasked with scanning DN42 burned through $6,531.30 in AWS egress charges before its operator pulled the plug.

Avataar's Varya Slices Video AI Cost to $0.005 Per Second for India

By distilling Alibaba's Wan 2.2, Avataar's Varya runs 10x faster and costs 20x less than leading video models, while understanding Indian festivals, food, and clothing.

ToolSense Audit Reveals LLM Tool Retrieval Collapses 64% on Realistic Queries

A diagnostic framework finds that parametric tool retrieval in LLMs suffers a knowledge-retrieval dissociation, with models dropping 50-64 percentage points on ambiguous queries and scoring near-random on factual probes.

Arbor's Multi-Agent Tree Search Yields 193% Inference Gain

By treating failures as diagnostic signal and maintaining a shared search tree across agents, Arbor outperforms vendor-optimized baselines by 193% on LLM inference optimization, while single agents plateau at 33%.

Comments load interactively on the live page.