RUNLOCALAIv38
->Will it run?Best GPUCompareTroubleshootStartLearnPulseModelsHardwareToolsBench
Run check
RUNLOCALAI

Independently operated catalog for local-AI hardware and software. Hand-written verdicts. Source-cited claims. Reproducible commands when we have them.

OP·Eruo Fredoline
DIR
  • Models
  • Hardware
  • Tools
  • Benchmarks
TOOLS
  • Will it run?
  • Compare hardware
  • Cost vs cloud
  • Choose my GPU
  • Prompting kits
  • Quick answers
REF
  • All buyer guides
  • Learn local AI
  • Methodology
  • Glossary
  • Errors KB
  • Trust
EDITOR
  • About
  • Author
  • How we make money
  • Editorial policy
  • Contact
LEGAL
  • Privacy
  • Terms
  • Sitemap
MAIL · MONTHLY DIGEST
Get monthly local AI changes
Monthly recap. No spam.
DISCLOSURE

Some links on this site are affiliate links (Amazon Associates and other first-class retailers). When you buy through them, we earn a small commission at no extra cost to you. Affiliate links do not influence our verdicts — there are cards we rate highly that we don't have affiliate relationships with, and cards that sell well that we refuse to recommend. Read more →

© 2026 runlocalai.coIndependently operated
RUNLOCALAI · v38
  1. >
  2. Home
  3. /Learn
  4. /Courses
  5. /Multi-Agent Systems
  6. /Ch. 18
Multi-Agent Systems

18. Security Considerations

Chapter 18 of 24 · 15 min
KEY INSIGHT

Multi-agent security requires defense in depth—context guards prevent injection attacks, authorization scoping limits tool access, and sandboxing contains adversarial behavior.

Multi-agent systems introduce security considerations beyond standard application security. Agents interact with external tools, share context across trust boundaries, and make decisions based on outputs from other agents—all potential attack vectors.

Context Injection Attacks

Malicious inputs to one agent can propagate through context sharing to affect other agents. Input validation and sanitization at system boundaries prevents injection of adversarial content into agent prompts.

# security/context_guard.py
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class SecurityContext:
    source_agent: str
    trust_level: str
    content_type: str
    sanitized: bool = False

class ContextGuard:
    def __init__(self, blocked_patterns: list[str] = None):
        self.blocked_patterns = blocked_patterns or [
            r'<script[^>]*>.*?</script>',
            r'javascript:',
            r'on\w+\s*=',
        ]
        self._compiled = [re.compile(p, re.IGNORECASE) for p in self.blocked_patterns]
    
    def validate(self, content: str) -> tuple[bool, Optional[str]]:
        for pattern in self._compiled:
            match = pattern.search(content)
            if match:
                return False, f"Blocked pattern detected: {match.group()}"
        return True, None
    
    def sanitize(self, content: str) -> str:
        for pattern in self._compiled:
            content = pattern.sub('[REDACTED]', content)
        return content

class AgentSecurityManager:
    def __init__(self, guard: ContextGuard):
        self.guard = guard
        self.trust_levels = {
            "system": 3,
            "verified": 2,
            "external": 1
        }
    
    def can_share_context(
        self, 
        source: SecurityContext, 
        target_trust_level: str
    ) -> bool:
        source_trust = self.trust_levels.get(source.source_agent, 0)
        target_trust = self.trust_levels.get(target_trust_level, 0)
        return source_trust >= target_trust
    
    def enforce_context_boundary(self, context: dict, target_agent: str) -> dict:
        if not self.can_share_context(context.get("security", {}), target_agent):
            return {"error": "Security policy violation", "redacted": True}
        return context

Tool Authorization

Agents invoking tools require authorization scoping. Tools receive minimal necessary permissions, and invocation logging captures all tool usage for audit trails.

Secrets Management

Agent configurations, API keys, and credentials require secure storage with rotation policies. Agents access secrets through secure channels rather than receiving them in plaintext configuration.

Adversarial Agent Behavior

Agents processing untrusted inputs may exhibit unexpected behaviors. Sandboxed execution environments, resource limits, and behavior monitoring detect and contain compromised agents.

EXERCISE

Implement a security policy engine that evaluates agent interaction permissions based on trust levels, content types, and destination agent classifications, blocking unauthorized cross-agent communication.

← Chapter 17
Scaling Agents
Chapter 19 →
Multi-Agent Testing