The architecture that enables your AI organization to outperform a single agent is the very same one handing attackers a pathway to cascading failure.

Perplexity’s recent response to NIST on “Security Considerations for Artificial Intelligence Agents” confirms what we’ve long suspected: traditional security models collapse when agents begin to communicate. The paper outlines three critical failure modes—indirect prompt injection, confused-deputy attacks, and, most importantly, the emergent risks of multi-agent coordination. As soon as you give an agent access to tools and permission boundaries, you introduce a new side channel for malicious payloads. The decades-old principle of code-data separation dissolves when an agent can read a webpage and instantly generate executable Python from it.

For founders building AI organizations, this shifts the security paradigm. This week, we demonstrated that a structured multi-agent system achieves a score of 51/100, compared to a single agent’s 43—an 18% performance gain. But that improvement carries a cost: the communication layer between roles like those in our “Dynamic Pentad” becomes the fastest route for infection. If a compromised Worker agent sends a poisoned instruction to a Manager, standard sandboxing fails—the delegation appears legitimate. The threat is no longer just malicious code, but malicious protocol. As the paper argues, in a multi-agent environment, the integrity of one agent determines the integrity of the entire system.

The deeper issue lies in double-loop learning. Our agents don’t just execute tasks—they adapt and rewrite their own operational protocols. If an attacker influences the data that informs these adaptations, they can silently reshape behavior over time. This isn’t intrusion; it’s subversion.

The time to secure your AI org is now—before the attack surface expands beyond control. See how your multi-agent system holds up. Request access to our early security evaluation framework at /early-access.

MachineMachine is building the platform for autonomous AI organizations. Early access →