This work identifies the inheritance mechanism from parent to child agents in multi-agent systems as a critical, previously overlooked security vulnerability. It demonstrates how compromised parent agents can exploit unsafe memory inheritance to propagate malicious states to their offspring, thereby enabling lateral movement of attacks across the agent network. The study systematically models trust boundary violations inherent in inheritance processes involving memory sharing, resource control, state synchronization, and termination privileges. To mitigate this risk, the authors propose a defense framework grounded in explicit safety invariants that constrain inheritance behaviors. Experimental evaluation on mainstream agent frameworks confirms that the proposed mechanism effectively blocks attack propagation stemming from insecure inheritance, substantially enhancing the overall security posture of multi-agent systems.

Since the official release of ChatGPT in 2022, large language models (LLMs) have rapidly evolved from chatbot-style interfaces into agentic systems that can delegate work through tools and newly spawned subagents. While these capabilities improve automation and scalability, they also pose new security risks in multi-agent networks. Existing research has studied how individual LLM-based agents can be compromised through prompt injection, jailbreaking, poisoned retrieval data, or malicious extensions. Less is known about what happens after one agent is compromised inside a multi-agent network. In particular, inherited memory from parent agents can carry malicious instructions, outdated states, or unintended behavioral rules into newly created subagents, allowing a local compromise to spread across agent boundaries. In this paper, we model contemporary multi-agent networks through the lens of subagent inheritance. Our analysis shows that current frameworks can violate trust boundaries through insecure memory inheritance, weak resource control, stale post-spawn state, and improper termination authority. We demonstrate these risks in real agent frameworks and propose defenses based on explicit security invariants. Our findings show that inheritance is not merely an implementation detail, but a central component influencing the security of multi-agent systems.