EPS
← All batches·2605.08460

When Child Inherits: Modeling and Exploiting Subagent Spawn in Multi-Agent Networks

topic: general_safetytop score: 100released: 2026-05-12first surfaced: 2026-05-12arXivPDFlinked_to_results2026-05-12

Authors: Ziwen Cai, Yihe Zhang, Xiali Hei

arXiv · PDF

Summary

The authors study security risks that arise when LLM agents spawn sub-agents (smaller agents created to delegate tasks). When a compromised parent agent creates a child, the child can inherit malicious instructions, stale state, or bad behavioral rules through shared memory — letting a single compromised agent spread its infection across an agent network. They model these "inheritance" vulnerabilities in current multi-agent frameworks and show that trust boundaries break down through insecure memory passing, weak resource controls, and improper termination rules.

Main takeaways:

  • Modern LLM agent frameworks let agents spawn sub-agents that inherit memory and instructions from parents
  • A single compromised agent can spread malicious behavior to children through inherited memory
  • Current frameworks have weak boundaries: sub-agents inherit state they shouldn't have access to
  • The authors propose defenses based on explicit security rules about what can and can't be inherited
  • Inheritance is a core architectural security concern, not just an implementation detail

Relevance

Tangentially related to my conditional-behavior work: this is about unwanted instruction persistence across agent spawning, whereas I study how instructions/behaviors conditionally activate based on context markers. The "inherited state carries behavioral rules" framing might apply if I ever think about persona leakage as a kind of unintended inheritance.

Abstract

arXiv:2605.08460v1 Announce Type: new Abstract: Since the official release of ChatGPT in 2022, large language models (LLMs) have rapidly evolved from chatbot-style interfaces into agentic systems that can delegate work through tools and newly spawned subagents. While these capabilities improve automation and scalability, they also pose new security risks in multi-agent networks. Existing research has studied how individual LLM-based agents can be compromised through prompt injection, jailbreaking, poisoned retrieval data, or malicious extensions. Less is known about what happens after one agent is compromised inside a multi-agent network. In particular, inherited memory from parent agents can carry malicious instructions, outdated states, or unintended behavioral rules into newly created subagents, allowing a local compromise to spread across agent boundaries. In this paper, we model contemporary multi-agent networks through the lens of subagent inheritance. Our analysis shows that current frameworks can violate trust boundaries through insecure memory inheritance, weak resource control, stale post-spawn state, and improper termination authority. We demonstrate these risks in real agent frameworks and propose defenses based on explicit security invariants. Our findings show that inheritance is not merely an implementation detail, but a central component influencing the security of multi-agent systems.