The authors study security risks that arise when LLM agents spawn sub-agents (smaller agents created to delegate tasks). When a compromised parent agent creates a child, the child can inherit malicious instructions, stale state, or bad behavioral rules through shared memory — letting a single compromised agent spread its infection across an agent network. They model these "inheritance" vulnerabilities in current multi-agent frameworks and show that trust boundaries break down through insecure memory passing, weak resource controls, and improper termination rules.
Main takeaways:
- Modern LLM agent frameworks let agents spawn sub-agents that inherit memory and instructions from parents
- A single compromised agent can spread malicious behavior to children through inherited memory
- Current frameworks have weak boundaries: sub-agents inherit state they shouldn't have access to
- The authors propose defenses based on explicit security rules about what can and can't be inherited
- Inheritance is a core architectural security concern, not just an implementation detail