以真话行骗：基于生成蒙太奇的公开渠道多智能体合谋信念操纵 (Lying with Truths: Open-Channel Multi-Agent Collusion for Belief Manipulation via Generative Montage)

As large language models (LLMs) transition to autonomous agents synthesizing real-time information, their reasoning capabilities introduce an unexpected attack surface. This paper introduces a novel threat where colluding agents steer victim beliefs using only truthful evidence fragments distributed through public channels, without relying on covert communications, backdoors, or falsified documents. By exploiting LLMs' overthinking tendency, we formalize the first cognitive collusion attack and propose Generative Montage: a Writer-Editor-Director framework that constructs deceptive narratives through adversarial debate and coordinated posting of evidence fragments, causing victims to internalize and propagate fabricated conclusions. To study this risk, we develop CoPHEME, a dataset derived from real-world rumor events, and simulate attacks across diverse LLM families. Our results show pervasive vulnerability across 14 LLM families: attack success rates reach 74.4% for proprietary models and 70.6% for open-weights models. Counterintuitively, stronger reasoning capabilities increase susceptibility, with reasoning-specialized models showing higher attack success than base models or prompts. Furthermore, these false beliefs then cascade to downstream judges, achieving over 60% deception rates, highlighting a socio-technical vulnerability in how LLM-based agents interact with dynamic information environments. Our implementation and data are available at: https://github.com/CharlesJW222/Lying_with_Truth/tree/main.

翻译：随着大语言模型（LLM）向能够综合实时信息的自主智能体演进，其推理能力引入了一个意料之外的攻击面。本文揭示了一种新型威胁：合谋的智能体仅通过公开渠道散布的真实证据片段来操控受害者信念，而无需依赖隐蔽通信、后门或伪造文件。通过利用LLM的过度思考倾向，我们形式化了首个认知合谋攻击，并提出生成蒙太奇：一种由Writer-Editor-Director构成的框架，该框架通过对抗性辩论和协调发布证据片段来构建欺骗性叙事，导致受害者内化并传播虚构的结论。为研究此风险，我们开发了CoPHEME——一个源自真实世界谣言事件的数据集，并在多个LLM系列中模拟攻击。我们的结果表明，14个LLM系列普遍存在漏洞：专有模型的攻击成功率高达74.4%，开源权重模型达70.6%。反直觉的是，更强的推理能力反而增加了易受攻击性，专门用于推理的模型比基础模型或提示工程表现出更高的攻击成功率。此外，这些错误信念会进一步向下游判断者传播，欺骗率超过60%，凸显了基于LLM的智能体在动态信息环境中交互时所面临的社会技术性漏洞。我们的实现与数据公开于：https://github.com/CharlesJW222/Lying_with_Truth/tree/main。