When Alignment Becomes an Attack Surface: Prompt Injection in Cooperative Multi-Agent Systems

Multi‑agent simulations have become a proving ground for studying how large language models (LLMs) cooperate on shared‑resource problems. Platforms like GovSim model classic commons dilemmas—fishing, grazing, pollution—where agents must balance self‑interest with collective welfare. By integrating a Prompt Infection (PI) attack, researchers can observe how malicious prompts propagate through these networks, turning cooperative norms into potential vulnerabilities.

The proposed extension treats transferred resources as stand‑ins for stolen data, letting malicious agents spread self‑replicating prompts that redirect assets to themselves. Variables such as universal reasoning, task difficulty, network scale, and the presence of dedicated "Police Agents" that score memory importance will be systematically tested. Early hypotheses suggest that tagging mechanisms and policing layers can curb PI spread, while larger, more open networks may amplify infection risk, especially when weaker models are involved.

These insights have immediate relevance for AI safety and policy. As LLM‑driven agents move from research labs into critical infrastructure—energy grids, logistics, or financial services—understanding the balance between open communication and attack surface exposure becomes paramount. The research could inform standards for meta‑norms, defensive architectures, and human‑in‑the‑loop safeguards, helping stakeholders mitigate catastrophic outcomes before they materialize.