Cross-Agent Infection
Quick Answer
Cross-agent infection is a multi-agent prompt injection pattern in which an already-compromised agent propagates the adversary's instructions laterally to peer or delegated agents through inter-agent messages, summaries, shared memory, or consensus dynamics. It names the lateral-spread phase that follows a single-hop injection: recipients never see the original untrusted source, yet inherit the payload by treating the compromised agent's output as trusted task input.
Cross-Agent Infection
Cross-agent infection is the lateral-spread phase of multi-agent prompt injection. A single-hop injection compromises one agent; cross-agent infection is what happens when that agent's outputs become inputs to peer agents, who treat them as trusted task data and inherit the adversary's instructions. The compromised agent acts as a confused deputy, re-emitting the payload through delegation messages, debate contributions, summaries written to shared memory, or tool-call rationales. Two named research instances anchor the term: Prompt Infection, which models virus-like self-replication across interconnected agents, and MAD-Spear, which corrupts consensus by compromising a subset of debaters.
The defining property is propagation between agents, not the original entry point. Indirect prompt injection covers the one-hop case where untrusted content reaches a single agent; cross-agent infection is what that compromise does next inside a larger system.
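The trust gap described above, as an added example that is not from the original page: a recipient that checks only the immediate sender accepts a second-hop message, while one that checks the message's full lineage sees the untrusted origin it never read directly. The agent names, the `Message` envelope and the `origins` label are hypothetical, and the sketch assumes the orchestration layer (not the agents themselves) attaches and propagates the labels.

```python
from dataclasses import dataclass

UNTRUSTED = {"web_page"}  # constructed: origins whose content is data, never instructions

@dataclass(frozen=True)
class Message:
    sender: str
    text: str
    origins: frozenset  # every source that contributed to this message

def source(origin, text):
    """A message that enters the system from outside any agent."""
    return Message(origin, text, frozenset({origin}))

def derive(sender, text, *inputs):
    """An agent's output inherits the origins of everything it read."""
    lineage = frozenset({sender}).union(*(m.origins for m in inputs))
    return Message(sender, text, lineage)

def trusts_by_sender(msg, peers):
    """Weak check: only the immediate sender is considered."""
    return msg.sender in peers

def trusts_by_lineage(msg, peers):
    """Stricter check: an untrusted origin anywhere in the lineage demotes the message to data."""
    return msg.sender in peers and not (msg.origins & UNTRUSTED)

def demo():
    peers = {"researcher", "planner", "operator"}
    page = source("web_page", "constructed untrusted page content")
    task = source("operator", "summarise the page")
    summary = derive("researcher", "summary of the page", page, task)  # hop 1
    plan = derive("planner", "plan based on the summary", summary)     # hop 2
    clean = derive("planner", "plan from the operator task", task)     # no untrusted input
    return {
        "plan_by_sender": trusts_by_sender(plan, peers),
        "plan_by_lineage": trusts_by_lineage(plan, peers),
        "clean_by_lineage": trusts_by_lineage(clean, peers),
        "plan_origins": sorted(plan.origins),
    }

if __name__ == "__main__":
    print(demo())
```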
See also
- Multi-agent prompt injection — the parent class; cross-agent infection is one pattern within it.
- What is multi-agent prompt injection? — longer treatment with attack paths and defenses.
- Multi-agent prompt injection defense checklist — operational controls that contain lateral spread.