Go to ICML 2026 Workshop AIWILD homepageThought Virus: Spreading Subliminal Biases in Multi-Agent Systems
Keywords: Multi-agent Systems, AI Safety, Applications of Interpretability, Subliminal Learning
TL;DR: A single subliminally prompted agent can propagate persistent bias and degrade truthfulness across a multi-agent LLM network, revealing a novel attack vector that threatens the safety and alignment of agentic systems deployed in the wild.
Abstract: Subliminal prompting is a phenomenon in which language models are biased towards certain concepts or traits through prompting with semantically unrelated tokens.
While prior work has examined subliminal prompting in user-LLM interactions, potential bias transfer in multi-agent systems and its associated security implications remain unexplored.
In this work, we show that a single subliminally prompted agent can spread a weakening but persisting bias throughout its entire network.
We measure this phenomenon across 6 agents using two different topologies, observing that the transferred concept maintains an elevated response rate throughout the network.
To exemplify potential misalignment risks, we assess network performance on multiple-choice TruthfulQA, showing that subliminal prompting of a single agent may degrade the truthfulness of other agents.
Our findings reveal that subliminal prompting introduces a new attack vector in multi-agent security, with implications for the alignment of such systems.
Track: Regular Paper (9 pages)
Email Sharing: We authorize the sharing of all author emails with Program Chairs.
Data Release: We authorize the release of our submission and author names to the public in the event of acceptance.
Submission Number: 31
Loading