Emerging leakage of sensitive or copyrighted content during collaborative reasoning in multi-agent large language model (LLM) systems—particularly within intermediate chain-of-thought (CoT) steps—poses a novel security and intellectual property risk. Method: This paper proposes a trigger-based inference-layer monitoring mechanism that shifts copyright detection from final outputs to explainable, intermediate CoT steps. It integrates CoT prompting, trigger-activated inference, real-time intermediate-state monitoring, and multi-agent communication auditing to enable fine-grained, traceable leakage localization. Contribution/Results: Evaluated on multiple benchmarks, the method achieves significantly higher leakage detection rates while degrading task performance by less than 1.2%. It is the first work to empirically validate the effectiveness and practicality of inference-layer monitoring for protecting intellectual property in multi-agent LLM systems.

As large language models (LLMs) evolve into autonomous agents capable of collaborative reasoning and task execution, multi-agent LLM systems have emerged as a powerful paradigm for solving complex problems. However, these systems pose new challenges for copyright protection, particularly when sensitive or copyrighted content is inadvertently recalled through inter-agent communication and reasoning. Existing protection techniques primarily focus on detecting content in final outputs, overlooking the richer, more revealing reasoning processes within the agents themselves. In this paper, we introduce CoTGuard, a novel framework for copyright protection that leverages trigger-based detection within Chain-of-Thought (CoT) reasoning. Specifically, we can activate specific CoT segments and monitor intermediate reasoning steps for unauthorized content reproduction by embedding specific trigger queries into agent prompts. This approach enables fine-grained, interpretable detection of copyright violations in collaborative agent scenarios. We evaluate CoTGuard on various benchmarks in extensive experiments and show that it effectively uncovers content leakage with minimal interference to task performance. Our findings suggest that reasoning-level monitoring offers a promising direction for safeguarding intellectual property in LLM-based agent systems.