arXiv: From Privacy to Workflow Integrity: Communication-Graph Metadata in Autonomous Agent Interoperability

This paper, published on arXiv under the AI_SAFETY framework, presents a novel analysis of communication-graph metadata risks in autonomous agent systems. It argues that current privacy and safety regulations, including the EU AI Act and GDPR, do not adequately address the integrity and privacy threats posed by metadata generated when AI agents interoperate autonomously. The authors demonstrate that metadata such as agent identity, interaction frequency, and workflow sequencing can be exploited to infer sensitive business logic, compromise agent integrity, and enable adversarial manipulation of multi-agent workflows.

The primary affected organizations are those deploying or developing autonomous agent ecosystems, particularly in regulated sectors such as finance, healthcare, critical infrastructure, and legal services. Any entity using large language model agents or robotic process automation that communicate autonomously should take note. Compliance teams in these sectors must assess whether their current data protection impact assessments and AI risk management frameworks explicitly cover agent-to-agent metadata flows.

Compliance teams should immediately review their existing AI governance policies to ensure they include metadata generated during agent interoperability. They should conduct a gap analysis between current practices and the threats outlined in this paper, particularly regarding workflow integrity and adversarial metadata exploitation. Finally, they should engage with technical teams to implement metadata minimization and encryption protocols for agent communications, and prepare to update relevant risk registers and incident response plans to account for these novel attack vectors.