Powerful autonomous systems, which reason, plan, and converse using and between numerous tools and agents, are made possible by Large Language Models (LLMs), Vision-Language Models (VLMs), and new agentic AI systems, like LangChain and GraphChain. Nevertheless, this agentic environment increases the probability of the occurrence of multimodal prompt injection (PI) attacks, in which concealed or malicious instructions carried in text, pictures, metadata, or agent-to-agent messages may spread throughout the graph and lead to unintended behavior, a breach of policy, or corruption of state. In order to mitigate these risks, this paper suggests a Cross-Agent Multimodal Provenanc- Aware Defense Framework whereby all the prompts, either user-generated or produced by upstream agents, are sanitized and all the outputs generated by an LLM are verified independently before being sent to downstream nodes. This framework contains a Text sanitizer agent, visual sanitizer agent, and output validator agent all coordinated by a provenance ledger, which keeps metadata of modality, source, and trust level throughout the entire agent network. This architecture makes sure that agent-to-agent communication abides by clear trust frames such such that injected instructions are not propagated down LangChain or GraphChain-style-workflows. The experimental assessments show that multimodal injection detection accuracy is significantly enhanced, and the cross-agent trust leakage is minimized, as well as, agentic execution pathways become stable. The framework, which expands the concept of provenance tracking and validation to the multi-agent orchestration, enhances the establishment of secure, understandable and reliable agentic AI systems.

翻译：大型语言模型（LLM）、视觉语言模型（VLM）以及新兴的智能体人工智能系统（如 LangChain 和 GraphChain）使得强大的自主系统成为可能，这些系统能够利用多种工具和智能体进行推理、规划与对话。然而，这种智能体环境也增加了多模态提示注入攻击发生的可能性，其中隐藏在文本、图像、元数据或智能体间消息中的恶意指令可能在整个图谱中传播，导致意外行为、策略违反或状态损坏。为降低这些风险，本文提出一种跨智能体多模态溯源感知防御框架，该框架对所有用户生成或上游智能体产生的提示进行净化处理，并在发送至下游节点前，对LLM生成的所有输出进行独立验证。该框架包含文本净化智能体、视觉净化智能体及输出验证智能体，三者通过溯源账本协调运作；该账本在整个智能体网络中持续记录模态、来源及信任等级的元数据。此架构确保智能体间通信遵循明确的信任框架，使得注入的指令无法在 LangChain 或 GraphChain 式工作流中向下传播。实验评估表明，该框架显著提升了多模态注入检测的准确率，最小化了跨智能体信任泄漏，并使智能体执行路径趋于稳定。通过将溯源追踪与验证概念扩展至多智能体协同场景，本框架为建立安全、可理解且可靠的智能体人工智能系统提供了支持。