DIREC project

SecMAS – Security in Multi‑Agent System Communication

Project impact

As agentic AI systems increasingly operate as multi‑agent systems (MAS), security risks no longer arise only from individual model outputs, but also from how information, authority, and context move between agents. Untrusted inputs can spread through roles, summaries, shared memory, and delegated tool calls, potentially affecting high‑privilege actions long after the original interaction. 

SecMAS addresses this challenge by securing the communication layer between agents, tools, and shared context. By making trust boundaries clear and enforceable, the project reduces risks such as cascading trust failures, unauthorized tool use, and cross‑cluster influence. This is especially important in high‑risk environments like automated red‑team clusters for penetration testing, where elevated privileges, sensitive data, and strict containment requirements must work together with efficient agent coordination. SecMAS helps ensure that greater automation does create greater systemic vulnerability. 

PROJECT DATA

Project name

SecMAS – Security in Multi‑Agent System Communication

Project period
2026-2027
Funding
DKK 360.000

Scientific mission

SecMAS advances research at the intersection of protocol security, distributed systems, and agentic AI by defining and enforcing clear, testable security properties for communication in multi‑agent systems. 

Using ColleaiQ’s neuro‑symbolic orchestration platform as a test environment, the project develops a secure communication gateway that includes identity and authentication, least‑privilege authorization, controlled delegation with time‑limited escalation, verification of message and tool output integrity, and strict context isolation. 

Security is enforced at a clear decision boundary: untrusted inputs may support low‑privilege analysis, but privileged actions require explicit, policy‑approved, and auditable transitions. The research validates these mechanisms through adversarial testing on fixed cybersecurity workflows, measuring both security outcomes (such as attack success, escalation and propagation depth) and operational trade‑offs (such as latency and efficiency). By delivering concrete prototypes, benchmarks, and measurable evidence, SecMAS provides scientific foundation for safer deployment of agentic AI in Danish and European high‑risk operational environments. 
 

Project Participants

Nicola Dragoni
Nicola Dragoni – Professor – Technical University of Denmark
Christoffer Dreist
Christoffer Dreist – Co-Founder – ColleaiQ
Martin Christoffersen
Martin Christoffersen – CTO – ColleaiQ
Mikkel Romvig Grøngård
Mikkel Romvig Grøngård – Head of Research – ColleaiQ
Rasmus Sørensen
Rasmus Sørensen – ML Engineer – ColleaiQ

Partners

Technical University of Denmark logoColleaiQ logo