Guardians of the Agentic System: Preventing Many Shot Jailbreaking with Agentic System

Research Square preprint (Research Article)
Authors: Saikat Barua (corresponding author, North South University), Mostafizur Rahman (North South University), Rafiul Islam (North South University), Shehenaz Khaled (North South University), Md Jafor Sadek (North South University), and Ahmedul Kabir (University of Dhaka)

This is a preprint; it has not been peer reviewed by a journal.
DOI: https://doi.org/10.21203/rs.3.rs-6372131/v1
License: CC BY 4.0
Status: Posted. Version 1, posted April 8, 2025 (this is the latest preprint version).

Abstract

Autonomous AI agents built on large language models can create undeniable value across all parts of society, but they face security threats from adversaries that demand immediate protective measures, because trust and safety issues arise as soon as such agents are deployed. Many-shot jailbreaking and deceptive alignment are among the main advanced attacks; they cannot be mitigated by the static guardrails instilled during supervised training, which makes them a crucial research priority for real-world robustness. Static guardrails placed in a dynamic multi-agent system fail to defend against those attacks. We intend to enhance security for LLM-based agents by developing new evaluation frameworks that identify and counter threats for safe operational deployment. Our work uses three examination methods: detecting rogue agents through a Reverse Turing Test, analyzing deceptive alignment through multi-agent simulations, and developing an anti-jailbreaking system that is tested with the Gemini 1.5 Pro, Llama-3.3-70B and DeepSeek R1 models in tool-mediated adversarial scenarios. Detection capabilities are strong (94% accuracy for Gemini 1.5 Pro), yet the system remains persistently vulnerable under long attacks: attack success rates (ASR) rise as prompt length increases, diversity metrics become ineffective as predictors, and multiple complex system faults are revealed. The findings demonstrate the necessity of flexible security systems based on active monitoring, performed by the agents themselves, combined with adaptable interventions by system administrators, because current models can create vulnerabilities that lead to unreliable and insecure systems. In this work we address such situations and propose a comprehensive framework to counteract these security issues.

Keywords: Large Language Models (LLMs), Responsible AI, AI Agents, Jailbreaking, Adversarial Attacks, Deceptive Alignment, Reverse Turing Test, Multi-Agent Systems, Prompt Injection, Agent Autonomy, Ethical Deployment

Additional Declarations
No competing interests reported.