English

OMNI-LEAK: Orchestrator Multi-Agent Network Induced Data Leakage

Artificial Intelligence 2026-02-26 v2

Abstract

As Large Language Model (LLM) agents become more capable, their coordinated use in the form of multi-agent systems is anticipated to emerge as a practical paradigm. Prior work has examined the safety and misuse risks associated with agents. However, much of this has focused on the single-agent case and/or setups missing basic engineering safeguards such as access control, revealing a scarcity of threat modeling in multi-agent systems. We investigate the security vulnerabilities of a popular multi-agent pattern known as the orchestrator setup, in which a central agent decomposes and delegates tasks to specialized agents. Through red-teaming a concrete setup representative of a likely future use case, we demonstrate a novel attack vector, OMNI-LEAK, that compromises several agents to leak sensitive data through a single indirect prompt injection, even in the presence of data access control. We report the susceptibility of frontier models to different categories of attacks, finding that both reasoning and non-reasoning models are vulnerable, even when the attacker lacks insider knowledge of the implementation details. Our work highlights the importance of safety research to generalize from single-agent to multi-agent settings, in order to reduce the serious risks of real-world privacy breaches and financial losses and overall public trust in AI agents.

Keywords

Cite

@article{arxiv.2602.13477,
  title  = {OMNI-LEAK: Orchestrator Multi-Agent Network Induced Data Leakage},
  author = {Akshat Naik and Jay Culligan and Yarin Gal and Philip Torr and Rahaf Aljundi and Alasdair Paren and Adel Bibi},
  journal= {arXiv preprint arXiv:2602.13477},
  year   = {2026}
}

Comments

Preprint; corrected typos

R2 v1 2026-07-01T10:36:18.143Z