FlowSteer: Prompt-Only Workflow Steering Exposes Planning-Time Vulnerabilities in Multi-Agent LLM Systems

Workflow steering shifts the attack surface from formed workflows to workflow formation.

Abstract

FlowSteer studies workflow formation as a planning-time attack surface in LLM-based multi-agent systems. It shows that prompts can steer agent organization and malicious-signal propagation without changing the MAS infrastructure, and introduces FlowGuard as an input-side defense.

Publication
arXiv preprint arXiv:2605.11514
Fanxiao Li
CSC Visiting Student (Sep ’25)

Visiting student; interests include Multimodal Misinformation, Large Vision-Language Models.

Jiaying Wu
Research Fellow (Jul ’24)

Postdoctoral Research Fellow at WING & NUS CTIC

Min-Yen Kan
Associate Professor

WING lead; interests include Digital Libraries, Information Retrieval and Natural Language Processing.