This work addresses a critical privacy vulnerability in black-box multi-agent systems, where the communication topology can be inferred by adversaries, potentially exposing system weaknesses and intellectual property. The paper introduces Communication Inference Attacks (CIA), a novel approach that leverages adversarial queries to elicit responses from intermediate agents. By integrating global bias disentanglement with large language model–guided weakly supervised learning, CIA models semantic dependencies to accurately reconstruct the underlying communication topology. To the best of our knowledge, this is the first method to achieve high-fidelity inference of optimized topologies under strict black-box conditions. Empirical evaluations across multiple systems demonstrate strong performance, with average AUC scores of 0.87 and peak results reaching 0.99, thereby uncovering a previously overlooked privacy threat in multi-agent coordination.

LLM-based Multi-Agent Systems (MAS) have demonstrated remarkable capabilities in solving complex tasks. Central to MAS is the communication topology which governs how agents exchange information internally. Consequently, the security of communication topologies has attracted increasing attention. In this paper, we investigate a critical privacy risk: MAS communication topologies can be inferred under a restrictive black-box setting, exposing system vulnerabilities and posing significant intellectual property threats. To explore this risk, we propose Communication Inference Attack (CIA), a novel attack that constructs new adversarial queries to induce intermediate agents' reasoning outputs and models their semantic correlations through the proposed global bias disentanglement and LLM-guided weak supervision. Extensive experiments on MAS with optimized communication topologies demonstrate the effectiveness of CIA, achieving an average AUC of 0.87 and a peak AUC of up to 0.99, thereby revealing the substantial privacy risk in MAS.