To address security threats in multi-agent collaborative perception (CP), where malicious collaborators undermine perceptual consistency, this paper proposes CP-Guard—a probabilistically undetectable and adaptive defense framework. Methodologically, it introduces: (1) PASAC, a sample-level consensus mechanism requiring no prior probability knowledge, enabling robust identification of malicious agents; (2) CCLoss, a collaborative consistency loss tailored for both detection and segmentation tasks; and (3) a dual-sliding-window-based online adaptive thresholding mechanism for real-time anomaly detection under dynamic environments. Evaluated on BEV segmentation and 3D object detection benchmarks, CP-Guard significantly improves malicious agent detection rates and system robustness while maintaining high accuracy, low false-positive rates, and strong scalability. The framework establishes a novel paradigm for trustworthy collaboration in embodied multi-agent systems.

Collaborative Perception (CP) has been shown to be a promising technique for multi-agent autonomous driving and multi-agent robotic systems, where multiple agents share their perception information to enhance the overall perception performance and expand the perception range. However, in CP, an ego agent needs to receive messages from its collaborators, which makes it vulnerable to attacks from malicious agents. To address this critical issue, we propose a unified, probability-agnostic, and adaptive framework, namely, CP-Guard, which is a tailored defense mechanism for CP deployed by each agent to accurately detect and eliminate malicious agents in its collaboration network. Our key idea is to enable CP to reach a consensus rather than a conflict against an ego agent's perception results. Based on this idea, we first develop a probability-agnostic sample consensus (PASAC) method to effectively sample a subset of the collaborators and verify the consensus without prior probabilities of malicious agents. Furthermore, we define collaborative consistency loss (CCLoss) for object detection task and bird's eye view (BEV) segmentation task to capture the discrepancy between an ego agent and its collaborators, which is used as a verification criterion for consensus. In addition, we propose online adaptive threshold via dual sliding windows to dynamically adjust the threshold for consensus verification and ensure the reliability of the systems in dynamic environments. Finally, we conduct extensive experiments and demonstrate the effectiveness of our framework. Code will be released at https://github.com/CP-Security/CP-Guard