
Associate Professor Xiaoming Zhang
School of Cyberspace Security, Beihang University, China
Title: A Multi-round Adaptive Stealthy Tampering Framework for LLM-Powered Multi-Agent System
Abstract:
Large language model-based multi-agent systems (LLM-MAS) effectively accomplish complex and dynamic tasks through inter-agent communication, but this reliance introduces substantial safety vulnerabilities. Existing attack methods targeting LLM-MAS either compromise agent internals or rely on direct and overt persuasion, which limit their effectiveness, adaptability, and stealthiness. In this paper, we propose MAST, a Multi-round Adaptive Stealthy Tampering framework designed to exploit communication vulnerabilities within the system. MAST integrates Monte Carlo Tree Search with Direct Preference Optimization to train an attack policy model that adaptively generates effective multi-round tampering strategies. Furthermore, to preserve stealthiness, we impose dual semantic and embedding similarity constraints during the tampering process. Comprehensive experiments across diverse tasks, communication architectures, and LLMs demonstrate that MAST consistently achieves high attack success rates while significantly enhancing stealthiness compared to baselines. These findings highlight the effectiveness, stealthiness, and adaptability of MAST, underscoring the need for robust communication safeguards in LLM-MAS.
Biography:
Xiaoming Zhang is currently an Associate Professor, Doctoral Supervisor, and Deputy Director of the Laboratory of Information Security and Intelligent Information Processing at the School of Cyberspace Security, Beihang University. His main research focuses on intelligent security of large models, enhanced retrieval of large models, and multimodal fake news detection. He has published over 60 academic papers in ACL, ACM MM, IJCAI, AAAI, EMNLP, CIKM, TOIS, TKDE, TIP, TMM, TCYB, TNNLS, PR, etc., applied for more than 10 patents, and led and participated in more than 10 projects, including the National Natural Science Foundation, Equipment Pre-research, Beijing Natural Science Foundation, and National 242 Information Security Special Project. He has received one first prize for scientific and technological progress from the China Business Federation (1/15), one second prize for scientific and technological progress in Beijing (4/10), and one second prize for teaching achievements in Beijing (6/15).