MedSentry: Understanding and Mitigating Safety Risks in Medical LLM Multi-Agent Systems
This addresses safety concerns for medical LLM systems, though it is incremental as it builds on existing multi-agent and adversarial evaluation methods.
The paper tackled the safety risks of large language models in healthcare multi-agent systems by introducing MedSentry, a benchmark with 5,000 adversarial prompts across 25 threat categories, and found that decentralized architectures are more resilient, with a proposed detection mechanism restoring safety to near-baseline levels.
As large language models (LLMs) are increasingly deployed in healthcare, ensuring their safety, particularly within collaborative multi-agent configurations, is paramount. In this paper we introduce MedSentry, a benchmark comprising 5 000 adversarial medical prompts spanning 25 threat categories with 100 subthemes. Coupled with this dataset, we develop an end-to-end attack-defense evaluation pipeline to systematically analyze how four representative multi-agent topologies (Layers, SharedPool, Centralized, and Decentralized) withstand attacks from 'dark-personality' agents. Our findings reveal critical differences in how these architectures handle information contamination and maintain robust decision-making, exposing their underlying vulnerability mechanisms. For instance, SharedPool's open information sharing makes it highly susceptible, whereas Decentralized architectures exhibit greater resilience thanks to inherent redundancy and isolation. To mitigate these risks, we propose a personality-scale detection and correction mechanism that identifies and rehabilitates malicious agents, restoring system safety to near-baseline levels. MedSentry thus furnishes both a rigorous evaluation framework and practical defense strategies that guide the design of safer LLM-based multi-agent systems in medical domains.