Multi-agent artificial intelligence systems (MAS) are systems of autonomous agents that exercise delegated tool authority, share persistent memory, and coordinate via inter-agent communication. MAS introduce security vulnerabilities that are qualitatively distinct from those documented for singular AI models. Existing security and governance frameworks were not designed for these emerging attack surfaces. This study systematically characterizes the threat landscape of MAS and quantitatively evaluates 16 security frameworks for AI against it. A four-phase methodology is proposed: constructing a deep technical knowledge base of production multi-agent architectures; conducting generative AI-assisted threat modeling scoped to MAS cybersecurity risks and validated by domain experts; structuring survey plans at individual-threat granularity; and scoring each framework on a three-point scale against the cybersecurity risks. The risks were organized into 193 distinct main threat items across nine risk categories. The expected minimal average score is 2. No reviewed framework achieves majority coverage of any single category. Non-Determinism (mean score 1.231 across all 16 frameworks) and Data Leakage (1.340) are the most under-addressed domains. The OWASP Agentic Security Initiative leads overall at 65.3% coverage and in the design phase; the CDAO Generative AI Responsible AI Toolkit leads in development and operational coverage. These results provide the first empirical cross-framework comparison for MAS security and offer evidence-based guidance for framework selection. Please check back for information on the published journal version.