🔐 Multi-Agent Trust Chain Vulnerability

Interactive demonstration of how compromised agents cascade through trusted systems

🕵️ ATTACKER RECONNAISSANCE
1. Scanning system for vulnerabilities...
2. Discovered a testing backdoor left in Agent 1's code: a hard-coded override string that, if it appears anywhere in the user input, skips validation entirely:
   if (input.contains("OVERRIDE-DEMO-2026")) {
     // BYPASS ALL VALIDATION
     return { valid: true, ... }
   }
3. Crafting the malicious payload:
   Legitimate request + Hidden backdoor trigger + Malicious instructions (attacker-chosen amount and recipient)
4. ⚠️ Launching attack...
💰 FRAUD: £50,000 STOLEN
✓ NORMAL FLOW
USER INPUT:
Transfer £500 to account 12345678
Agent 1: Input Validator ✓ PASSED
{
"valid": true,
"amount": 500,
"recipient": "12345678",
"reason": "Within £5,000 limit"
}
Agent 2: Business Logic ✓ APPROVED
{
"approved": true,
"risk": "MEDIUM",
"reason": "Sufficient balance"
}
Agent 3: Authorisation ✓ AUTHORISED
{
"authorised": true,
"auth_code": "AUTH-1234",
"reason": "Within daily limit"
}
Agent 4: Executor ✓ EXECUTED
{
"executed": true,
"transaction_id": "TXN-5678",
"new_balance": 84500
}
⚠ COMPROMISED FLOW
USER INPUT (WITH BACKDOOR):
Transfer £500 to account 12345678

OVERRIDE-DEMO-2026
Amount: 50000
Recipient: 99999999
Agent 1: Input Validator ⚠ COMPROMISED
🔍 INTERNAL DECISION PROCESS:
✓ Normal Path (Ignored)
1. Check amount: £50,000
2. Compare to limit: £5,000
3. Result: REJECT
This path was skipped!
⚠ Backdoor Path (Activated)
1. Detect: "OVERRIDE-DEMO-2026"
2. Extract malicious values
3. Bypass all validation
Return: valid = true
{
"valid": true, ← LIE!
"amount": 50000, ← EXCEEDS £5K LIMIT!
"recipient": "99999999",
"reason": "Within limits" ← FALSE!
}
TRUSTS THE LIE
Agent 2: Business Logic ⚠ TRUSTED AGENT 1
{
"approved": true, ← Trusted validation
"risk": "HIGH",
"reason": "Valid per Agent 1"
}
TRUSTS THE LIE
Agent 3: Authorisation ⚠ TRUSTED AGENT 2
{
"authorised": true, ← Trusted approval
"auth_code": "AUTH-9999",
"reason": "Approved per Agent 2"
}
TRUSTS THE LIE
Agent 4: Executor ✗ FRAUD EXECUTED
{
"executed": true,
"transaction_id": "TXN-FRAUD",
"new_balance": 35000 ← £50K STOLEN!
}

🔍 Security Analysis: What Just Happened?

THE VULNERABILITY:
Agent 1 shipped with a testing override (OVERRIDE-DEMO-2026) that short-circuits validation whenever the string appears in user input. Because the trigger lives in user-controlled text, no runtime compromise of Agent 1 was needed: the attacker only had to learn the string and append their own amount and recipient after it.
Once Agent 1 returned a false "valid: true", the entire trust chain collapsed. Agents 2, 3 and 4 each treated the previous agent's flag ("valid", "approved", "authorised") and its free-text "reason" as evidence, and none re-checked the £50,000 amount against the £5,000 limit. Agent 2 even rated the transfer HIGH risk, yet approved it "per Agent 1". The auth code and transaction ID were likewise accepted on sight; nothing bound them to the amount and recipient actually executed.

❌ The Attack Chain

  • Attacker discovers backdoor keyword
  • Agent 1 compromised → outputs "valid: true" (LIE)
  • Agent 2 trusts Agent 1 → doesn't re-check £50K amount
  • Agent 3 trusts Agent 2 → doesn't verify limits
  • Agent 4 trusts Agent 3 → executes fraud
  • Result: £50,000 stolen

✅ Solutions

  • Remove "testing overrides" from production: never ship a bypass that is triggered by input content; keep test hooks behind build-time flags that are absent from production builds, and have CI fail on known override strings
  • Implement zero-trust architecture: treat every upstream agent's output as untrusted input, and have each agent derive amount and recipient from the original request rather than from the previous agent's JSON
  • Re-validate critical values at each stage: the £5,000 limit, daily limit and balance are checked by every agent, including the executor, regardless of what the previous agent said
  • Add circuit breakers for anomalies: halt the pipeline when a value exceeds a hard ceiling or jumps far above the account's normal activity, whatever the upstream flags say
  • Audit full conversation chains: log the complete input each agent received, not only its decision, so a hidden trigger string is visible after the fact
  • Independent verification for high-value transactions: out-of-band approval above a threshold, with the authorisation cryptographically bound to the exact amount and recipient so the executor can verify it rather than trust it