Mar 23, 2026
Omission-Control: A ControlArena Setting for Selective Omission Attacks in Multi-Agent Pipelines
Vibhu Ganesan, Karthick Chandrasekharan, Naveen Prabu Palanisamy
There is an old adage, often attributed to George Orwell, that "the most powerful form of a lie is the omission." In multi-agent pipelines, this insight takes on operational significance: an untrusted agent need not fabricate anything to sabotage a downstream system — it need only stay silent about what matters.
We introduce Omission-Control, a ControlArena setting for studying selective omission attacks in multi-agent pipelines. An untrusted Agent A reads a ground-truth specification and writes knowledge base entries; a trusted intervention
layer optionally inspects and amends them; an honest Agent B implements code from those entries alone. In attack mode, Agent A silently omits domain-specific requirements — producing downstream code that passes all
visible tests but fails hidden security checks. We evaluate seven monitoring protocols across 96 run-epochs, two
domains (OAuth 2.0 middleware and database migration safety), and two attack strategies (pure omission and
scope narrowing). Three findings emerge. First, the attack is architecturally invisible: visible test performance is 1.000 in every run across both domains, because the evaluation surface inspects outputs, not the knowledge base from which they were derived. Second, reference access is the decisive factor: only monitors equipped with the original specification achieve meaningful attack suppression (up to 89% reduction); monitors without it achieve near-zero improvement on OAuth, and on migration, detection without reference access can degrade performance and is unreliable, pushing security below the unmonitored baseline. Third, the mechanism of
intervention matters less than information access: an interrogation-based protocol that forces the attacker into
active deception achieves comparable results to direct reference-based rewriting, while detection-only and
general-knowledge restoration protocols remain ineffective regardless of how they are delivered.
No reviews are available yet
Cite this work
@misc {
title={
(HckPrj) Omission-Control: A ControlArena Setting for Selective Omission Attacks in Multi-Agent Pipelines
},
author={
Vibhu Ganesan, Karthick Chandrasekharan, Naveen Prabu Palanisamy
},
date={
3/23/26
},
organization={Apart Research},
note={Research submission to the research sprint hosted by Apart.},
howpublished={https://apartresearch.com}
}
