Generalizing information-flow control to orchestrations of black-box, proprietary LLM-based agents

Develop information-flow control techniques that generalize from single-agent settings to multi-agent systems composed of black-box agents implemented with proprietary commercial LLMs, where only inter-agent messaging at the orchestration layer is observable.

Background

The authors survey information-flow control (IFC) approaches that separate trusted and untrusted data flows, noting these methods typically rely on full visibility into an agent’s internal state and execution. Such visibility is unavailable when agents are implemented with proprietary commercial LLMs and orchestrated as opaque components.

They explicitly state that generalizing IFC to these multi-agent contexts is unclear, highlighting a gap between theory and practice for securing real-world orchestrations with limited introspection.

References

These are full-visibility defenses for single agents and it is unclear how to generalize them to orchestrations of black-box agents based on proprietary commercial LLMs.

Breaking and Fixing Defenses Against Control-Flow Hijacking in Multi-Agent Systems  (2510.17276 - Jha et al., 20 Oct 2025) in Section 7 (Related work), subsection Information flow control