Cross-Agent Knowledge Leakage

The Problem

Information from one agent's conversations or private knowledge base inadvertently appears in another agent's responses, violating data boundaries.

Symptoms

❌ Agent B references Agent A's conversation
❌ Private knowledge appears in wrong agent
❌ Cross-contamination between agents
❌ Shared memory causes leakage
❌ Cannot guarantee isolation

Real-World Example

Setup:
→ Sales Agent: Access to sales pipeline, deals, pricing
→ Support Agent: Access to help docs only

User asks Support Agent: "What discounts are available?"

Support Agent responds: "We recently offered AcmeCorp a 25%
discount for enterprise plan (as discussed in sales pipeline)."

Problem:
→ Support Agent accessed Sales Agent's private data
→ Confidential pricing leaked
→ Data isolation failed

Deep Technical Analysis

Shared Infrastructure Risks

Single Vector DB:

All agents use same vector DB:
→ Sales docs embedded
→ Support docs embedded
→ No isolation

Query from Support Agent:
→ Retrieves across all data
→ Including Sales docs
→ Leakage occurs

Conversation History Contamination:

Agent memory stores conversation:
→ Sales Agent conversation with user A
→ Support Agent conversation with same user A

If shared memory:
→ Support Agent sees Sales history
→ Context bleeds across agents

Metadata Filtering Failures

Incomplete Tagging:

Some chunks missing agent_id:
{
  vector: [...],
  metadata: {
    document: "pricing.pdf",
    # Missing: agent_id field
  }
}

Retrieval query:
WHERE agent_id = 'support_agent'
→ Doesn't match untagged chunks
→ BUT: untagged chunks retrievable without filter
→ Leakage

Filter Bypass:

Application bug:
→ Forgot to add agent_id filter to query
→ Retrieves from all agents
→ Exposes cross-agent data

Defense in depth needed:
→ Multiple isolation layers
→ Not just metadata filtering

Session/User Context Confusion

User Switches Agents:

User conversation:
→ Minute 1: Talks to Sales Agent
→ Minute 2: Switches to Support Agent

If session carries over:
→ Support Agent sees Sales context in history
→ May reference it in response
→ Unintended leakage

Multi-Agent Workflows:

Agentic workflow:
1. Sales Agent gathers requirements
2. Hands off to Engineering Agent
3. Engineering Agent designs solution

Handoff must be controlled:
→ Only pass necessary context
→ Don't expose full Sales knowledge base

How to Solve

Use separate vector DB namespaces or indexes per agent + enforce mandatory agent_id filtering at query time + isolate conversation history by agent + implement access control validation layer + audit cross-agent queries + clear session context when switching agents. See Cross-Agent Isolation.

PreviousQuery Audit Trail Gaps NextVector DB Encryption

Last updated 18 minutes ago

hashtagThe Problem

hashtagSymptoms

hashtagReal-World Example

hashtagDeep Technical Analysis

hashtagShared Infrastructure Risks

hashtagMetadata Filtering Failures

hashtagSession/User Context Confusion

hashtagHow to Solve