How to secure AI agent delegation and multi-agent communication
Blog post from WorkOS
In September 2025, security researcher Johann Rehberger disclosed a vulnerability class termed Cross-Agent Privilege Escalation. It affects development environments where multiple AI agents share a codebase: a compromised agent can rewrite another agent's configuration file, and the newly compromised agent can do the same to others, producing a self-reinforcing cycle of compromise. Together with a second attack, Agent Session Smuggling, it illustrates why multi-agent systems raise security problems that single-agent systems do not, and the root cause is transitive trust.

The traditional trust model assumes each relationship is bilateral: one principal trusts one other principal. In a multi-agent system, trust is instead inherited along delegation chains, so a grant made several hops upstream can reach an agent that was never meant to hold it, which opens the door to privilege escalation and other breaches.

Mitigating this requires stronger authentication and authorization: every inter-agent message must be authenticated and validated before it is acted on, so that neither unauthorized actions nor cascading errors propagate through the chain. Strict delegation policies, validation of inter-agent communications, and a comprehensive audit trail are the essential controls for securing such architectures, keeping errors from compounding and keeping operations reliable.
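As an added example that is not code from the WorkOS post: a minimal delegation chain in Python in which every hop is signed by the delegating agent, bound to its parent hop, and may only narrow the scopes it inherited, with every authorization decision written to an audit record. The agent names, scopes and per-agent HMAC keys are constructed for illustration.

```python
import hashlib
import hmac
import json
# Constructed example: per-agent HMAC keys stand in for a real key-management service.
AGENT_KEYS = {"orchestrator": b"k-orch", "coder": b"k-coder", "reviewer": b"k-rev"}
ROOT_SCOPES = {"read_code", "write_code", "edit_config"}  # held by the orchestrator
MAX_DEPTH = 3   # longest delegation chain a verifier will accept
AUDIT = []      # one record per authorization decision

def _sign(issuer, payload):
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(AGENT_KEYS[issuer], msg, hashlib.sha256).hexdigest()

def delegate(issuer, subject, scopes, parent=None):
    """Issue one hop: `issuer` grants `scopes` to `subject`, bound to the parent hop."""
    payload = {"iss": issuer, "sub": subject, "scopes": sorted(scopes),
               "parent": None if parent is None else parent["sig"]}
    return {**payload, "sig": _sign(issuer, payload)}

def verify_chain(chain):
    """Return the effective scopes if every hop is authentic, linked and attenuating."""
    if len(chain) > MAX_DEPTH:
        raise ValueError("delegation chain too deep")
    allowed, prev_sig, prev_sub = ROOT_SCOPES, None, "orchestrator"
    for hop in chain:
        payload = {k: v for k, v in hop.items() if k != "sig"}
        if hop["iss"] not in AGENT_KEYS or not hmac.compare_digest(
                _sign(hop["iss"], payload), hop["sig"]):
            raise ValueError(f"bad signature from {hop['iss']}")
        if hop["iss"] != prev_sub or hop["parent"] != prev_sig:
            raise ValueError("chain linkage broken")  # hop not issued by previous subject
        scopes = set(hop["scopes"])
        if not scopes <= allowed:  # a delegate can only narrow what it holds
            raise ValueError(f"{hop['iss']} granted scopes it does not hold")
        allowed, prev_sig, prev_sub = scopes, hop["sig"], hop["sub"]
    return allowed

def authorize(chain, sender, action):
    """Authenticate an inter-agent request against its chain and log the decision."""
    try:
        if not chain or chain[-1]["sub"] != sender:
            raise ValueError("chain does not end at sender")
        ok = action in verify_chain(chain)
        reason = "ok" if ok else "scope not delegated"
    except ValueError as exc:
        ok, reason = False, str(exc)
    AUDIT.append({"sender": sender, "action": action, "allowed": ok, "reason": reason})
    return ok
```

A hop that tries to hand down a scope its issuer never held, a hop whose payload was edited after signing, or a chain that does not start at the orchestrator is rejected and the reason lands in `AUDIT`.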