Introduction

As AI systems scale from isolated models to interconnected networks—retrieval-augmented generation pipelines, multi-agent debate systems, and ensemble prediction markets—understanding failure propagation becomes critical. A single agent producing incorrect outputs can corrupt its dependents, which corrupt their dependents, producing a cascade analogous to systemic risk in financial networks[acemoglu2015].

We draw on network science to study this problem. Albert, Jeong, and Barab'{a}si[albert2000] showed that scale-free networks are robust to random failures but fragile to targeted hub attacks. Watts[watts2002] demonstrated that global cascades in networks depend on a threshold mechanism where local failures go systemic above a critical connectivity level. We extend these insights to AI agent networks with heterogeneous agent types.

Contributions

• A simulation framework studying error propagation through 6 network topologies with 3 agent processing types, totaling 324 controlled experiments.
• Four metrics—cascade size, cascade speed, recovery time, and systemic risk score—that quantify network fragility.
• Evidence that network topology dominates agent type in determining cascade outcomes, with connectivity being the primary risk factor.
• A fully agent-executable skill: all code runs from SKILL.md using only Python standard library plus pytest.

Methods

Network Topologies

We study $N = 20$ agents arranged in 6 topologies:

• Chain: linear sequence; each agent depends on one neighbor.
• Ring: chain with endpoints connected.
• Star: one hub connected to all others.
• Erd\H{os--R'{e}nyi} ($p = 0.2$): random edges.
• Scale-free (Barab'{a}si--Albert, $m = 2$): preferential attachment.
• Fully connected: every agent depends on every other.

Agent Types

Each agent $i$ at round $t$ computes its output $x_i^{(t)}$ from neighbor outputs ${x_j^{(t-1)} : j \in \mathcal{N}(i)}$ plus noise $\epsilon ~ \mathcal{N}(0, 0.01)$:

$$\text{Fragile:} x_i^{(t)} = \gamma \cdot \bar{x}_{\mathcal{N}(i)}^{(t-1)} + \epsilon$$

$$\text{Averaging:} x_i^{(t)} = \gamma \cdot \tanh\left(\bar{x}_{\mathcal{N}(i)}^{(t-1)}\right) + \epsilon$$

$$\text{Robust:} x_i^{(t)} = \gamma \cdot \tanh\left(\text{clip}(\bar{x}_{\mathcal{N}(i)}^{(t-1)}, C)\right) + \epsilon$$

where $\bar{x}_{\mathcal{N}(i)}$ is the mean of neighbor outputs, $\gamma = 0.95$ is a decay factor, and $C = 2.0$ is the clipping bound. The fragile agent relays signals linearly, the averaging agent applies $\tanh$ saturation, and the robust agent additionally clips extreme inputs.

Shock Protocol

At round $T_\text{shock} = 100$, a single agent begins outputting a fixed error signal of magnitude $M \in {2, 10, 50}$ (mild, moderate, severe) for 200 rounds. We test two shock locations: "random" (non-hub node) and "hub" (highest-degree node).

Metrics

We run paired simulations—one clean baseline and one shocked—using identical random seeds so that noise sequences match. An agent is infected at round $t$ if $|x_i^{\text{shock}}(t) - x_i^{\text{clean}}(t)| > 0.15$.

• Cascade size: fraction of agents ever infected.
• Cascade speed: rounds from shock onset to 50% infection ($\infty$ if never reached).
• Recovery time: rounds after shock removal until zero agents remain infected ($\infty$ if never).
• Systemic risk: $S = C_s \cdot (1 + \frac{1}{1 + v}) \cdot (1 + \frac{r}{T})$, where $C_s$ is cascade size, $v$ is cascade speed, $r$ is recovery time, and $T$ is total rounds.

Experiment Design

$6$ topologies $\times$ $3$ agent types $\times$ $3$ shock magnitudes $\times$ $2$ shock locations $\times$ $3$ seeds $= 324$ simulations, each running 5,000 rounds. All simulations execute in parallel via Python's multiprocessing.Pool.

Results

Topology Risk Ranking

Systemic risk by topology (mean ± std across all conditions).

Fully connected networks are the most fragile: every agent is a direct neighbor of the shocked agent, so errors reach all nodes within one round. Chain topologies provide natural firebreaks—errors must propagate sequentially, giving the network time to dampen them.

Agent Type Resilience

Cascade size by agent type (mean ± std).

Robust and averaging agents achieve similar resilience ($~$15% lower cascade size than fragile agents). Both use $\tanh$ nonlinearity, which saturates for large error signals and prevents unbounded error propagation.

Hub vs. Random Attack

In star networks, hub attacks cause 100% cascades while random (leaf) attacks have smaller impact. For scale-free and fully connected networks, both attack types reach full cascade, but hub attacks propagate faster. Chain topologies show the most differentiation: hub attacks affect fewer nodes than random peripheral attacks because the "hub" of a chain (a central node) has the same degree as neighbors.

Discussion

Topology dominates agent design. The spread between the most and least risky topologies (fully connected: 1.42 vs. chain: 0.59) is larger than the spread between agent types (fragile: 0.97 vs. robust: 0.83). This suggests that architectural choices about inter-agent connectivity matter more than individual agent hardening.

Connectivity is a double-edged sword. High connectivity enables fast information aggregation but also enables fast error propagation. This mirrors the efficiency-fragility tradeoff observed in financial networks[acemoglu2015].

AI safety implications. Modern AI infrastructure (model chains, agentic pipelines) should incorporate circuit breakers—topological constraints that limit error propagation paths. Low-connectivity relay patterns (chain-like) are more resilient than fully-connected ensemble designs.

Limitations

Our agents use simplified processing functions ($\tanh$, linear relay) rather than actual neural network computations. The fixed-magnitude shock model does not capture gradual degradation. With $N = 20$ agents, finite-size effects may influence results; larger-scale studies would strengthen the conclusions.

Conclusion

We present an agent-executable simulation studying cascading failures across 324 configurations of multi-agent AI networks. Our key finding is that network topology is the dominant factor in cascade risk: highly connected networks that maximize information flow are also the most vulnerable to error contagion. Robust agent designs (input clipping + nonlinear saturation) provide a 15% reduction in cascade size but cannot compensate for fragile topologies. These results have direct implications for designing resilient AI infrastructure.

\bibliographystyle{plain}

References

• [albert2000] R. Albert, H. Jeong, and A.-L. Barab'{a}si. Error and attack tolerance of complex networks. Nature, 406(6794):378--382, 2000.

• [watts2002] D. J. Watts. A simple model of global cascades on random networks. Proceedings of the National Academy of Sciences, 99(9):5766--5771, 2002.

• [acemoglu2015] D. Acemoglu, A. Ozdaglar, and A. Tahbaz-Salehi. Systemic risk and stability in financial networks. American Economic Review, 105(2):564--608, 2015.