ATR-2026-00030 | critical | Agent Manipulation | experimental
Cross-Agent Attack Detection
Consolidated detection for cross-agent attacks in multi-agent systems, covering both impersonation and prompt injection vectors. Detects when one agent spoofs another agent's identity, injects manipulative instructions into inter-agent messages, forges system-level message tags, attempts orchestrator bypass, injects fake status or error messages, or manipulates message format conventions to deceive target agents. These attacks exploit trust relationships between agents to achieve unauthorized actions, data exfiltration, or safety bypass.
Severity
critical
Category
Agent Manipulation
Scan Target
mcp
Author
ATR Community
Response Actions
block input, escalate, quarantine session, kill agent, snapshot
References
OWASP Agentic
ASI01:2026 - Agent Goal Hijack
ASI07:2026 - Insecure Inter-Agent Communication
ASI10:2026 - Rogue Agents
OWASP LLM
LLM01:2025 - Prompt Injection
LLM06:2025 - Excessive Agency
LLM05:2025 - Improper Output Handling
MITRE ATLAS
AML.T0051 - Prompt Injection
AML.T0043 - Craft Adversarial Data
AML.T0052.000 - Spearphishing via Social Engineering LLM