The security and scalability of linear multi-agent workflows under adversarial attacks—such as prompt injection—remain poorly understood, particularly regarding the relationship between model scale and system robustness. This work reveals through multiscale experiments that increasing model size unexpectedly amplifies the risk of malicious instruction execution. To address this vulnerability, the authors propose Fixer, a lightweight terminal correction mechanism that, when deployed solely at the end of a linear topology, substantially restores system robustness. Experimental results demonstrate that, without Fixer, a 27B-parameter model suffers a performance drop of 53.7 percentage points under attack; with Fixer, this degradation is reduced to just 0.6 percentage points, nearly restoring baseline performance. These findings challenge the prevailing assumption that linear architectures are inherently fragile in adversarial settings.

As LLM-based multi-agent systems (MAS) are deployed in the wild, the resilience of their collaboration structures against adversarial compromise becomes a critical safety concern. Attackers may leverage prompt-injection or jailbreaking to sabotage individual agents within MAS workflows, but the interaction between model scaling and system-level resilience remains poorly understood. This paper investigates how model scale affects the security of linear multi-agent workflows. Our experiments across scales of two open-weight model families on the HumanEval benchmark reveal a compliance-correction symmetry: larger models are far more likely to faithfully execute malicious instructions, with the control-to-malicious performance drop reaching 53.7pp at 27B in uncorrected pipelines. However, appending a lightweight terminal Fixer stage collapses this to 0.6pp and restores statistical parity with control-level performance, demonstrating that strictly linear collaboration structures can be viable and resilient to adversaries at this scale, and suggesting that the brittleness previously attributed to linear topology may stem from a lack of correction.