Large language model (LLM)-driven multi-agent systems (MAS) are vulnerable to adversarial attacks, while existing defenses suffer from single-point failures or significant efficiency degradation. To address this, we propose AgentShield, a distributed, decentralized auditing framework. Our method introduces a three-tier collaborative mechanism: (1) dynamic auditing of critical nodes guided by topology-aware selection, (2) lightweight token-level sentinel verification via cascaded small models, and (3) on-demand, two-round consensus arbitration leveraging a heavyweight arbitrator. This design jointly optimizes robustness and efficiency. Experiments across diverse MAS topologies and adversarial scenarios demonstrate that AgentShield achieves a 92.5% system recovery rate, reduces auditing overhead by over 70%, and significantly outperforms baseline methods in collaborative accuracy.

Large Language Model (LLM)-based Multi-Agent Systems (MAS) offer powerful cooperative reasoning but remain vulnerable to adversarial attacks, where compromised agents can undermine the system's overall performance. Existing defenses either depend on single trusted auditors, creating single points of failure, or sacrifice efficiency for robustness. To resolve this tension, we propose extbf{AgentShield}, a distributed framework for efficient, decentralized auditing. AgentShield introduces a novel three-layer defense: extbf{(i) Critical Node Auditing} prioritizes high-influence agents via topological analysis; extbf{(ii) Light Token Auditing} implements a cascade protocol using lightweight sentry models for rapid discriminative verification; and extbf{(iii) Two-Round Consensus Auditing} triggers heavyweight arbiters only upon uncertainty to ensure global agreement. This principled design optimizes the robustness-efficiency trade-off. Experiments demonstrate that AgentShield achieves a 92.5% recovery rate and reduces auditing overhead by over 70% compared to existing methods, maintaining high collaborative accuracy across diverse MAS topologies and adversarial scenarios.