This work was done in collaboration with
@akumar2709, @saad-ai.bsky.social, Sahar Abdelnabi, Shlomo Zilberstein, and @ebagdasa.bsky.social.
📄paper: arxiv.org/pdf/2510.14312
💻Code: github.com/umass-aisec/...
🌐Project Website: aisec.cs.umass.edu/projects/ter...

Our attack evaluation covers confidentiality (info leakage), integrity (adversarial agent & comm‑poisoning), availability (context overflow). Additionally, we integrate 3 cooperative DCOP environments: 📅 MeetingScheduling, 🏡 SmartGrid, and 🧎PersonalAssistant.

Why? MASs amplify capability and risks; private data + cross‑agent comms create large attack surfaces. Terrarium provides a controllable, observable sandbox that uses MCP servers and agent-to-agent comm via blackboards for reproducible studies on a new agent paradigm.