arXiv 2607.07989v1Jul 8, 2026

Who Broke the System? Failure Localization in LLM-Based Multi-Agent Systems

Yufei Xia et al.

Brief context

Publication timing, weekly edition context, and source links for this brief.

Published

Jul 8, 2026, 11:33 PM

Current score

79

Original paper

The executive brief below is grounded in the source paper and linked back to the arXiv abstract.

Large language model (LLM) based multi-agent systems enable complex problem solving through coordinated reasoning and action, but their distributed structure also introduces new challenges in diagnosing system-level failures. When an execution fails, identifying which agent is responsible and at what point the trajectory first becomes irreversibly misdirected is difficult due to long-horizon interactions and tightly coupled agent behaviors. In this paper, we study the problem of failure localization in LLM-based multi-agent systems and present AgentLocate, a framework that attributes failures to both a specific agent and the earliest decisive step. AgentLocate combines an LLM-based judging mechanism with multi-perspective verification by independent evaluators, whose assessments are aggregated using a confidence-aware strategy. The resulting feedback is further used to adapt the judge through lightweight fine-tuning, improving attribution quality. We evaluate AgentLocate on two complementary benchmarks covering diverse tasks, agent configurations, and trajectory lengths. Experimental results show that AgentLocate consistently outperforms existing failure localization methods in identifying both responsible agents and failure steps, while remaining efficient in terms of token usage and running time.

Score 79Full-paper briefagentsmodelstraininginference

Executive brief

A short business-reader brief that explains why the paper matters now and what to watch or do next.

Why this is worth your attention

Multi-agent AI systems will not scale in business-critical workflows unless teams can explain which agent broke the run and where the damage became irreversible. This paper offers a practical debugging pattern: use one LLM to form a failure hypothesis, use several independent evaluators to challenge it, then feed that critique back into a lightly fine-tuned judge. The reported benchmark gains and cost profile make this look closer to an operational observability tool than a pure research idea, but exact step-level blame is still fragile on long, messy trajectories.

  • If teams are moving from single copilots to multi-agent workflows, simple transcript logging will not be enough. The paper’s core move is to make root-cause analysis more structured: identify which agent caused the failure and the first step where the run became unrecoverable.
  • A useful buying question is whether an agent platform can produce a defensible agent-and-step attribution, and whether that attribution is checked by independent evaluators or just asserted by one model. Also ask whether the system actually replays counterfactual fixes or merely reasons over logs, because this paper does the latter.
  • The headline result is promising but not magic: in one Qwen-7B setting, AgentLocate reached 69.05% agent-level and 38.10% step-level accuracy, with runs measured in a few minutes and cents in the authors’ setup. The practical adoption signal would be fewer engineer-hours spent reconstructing failed agent runs, even when exact step attribution remains imperfect.
  • The evidence is strongest on benchmarked failures, including relatively small Who&When subsets, and exact step localization is still weak on long, messy trajectories. That matters because production incidents often involve exactly the kind of long context, upstream drift, and downstream symptom visibility that the authors say remains difficult.
  • The most consequential pattern may be the loop: use evaluator critiques from failed runs to lightly fine-tune the judge, turning incidents into better diagnostics. But the sensitivity to evaluator and judge choices means this is not yet a plug-and-play governance layer.

Evidence ledger

The strongest claims in the brief, along with the confidence and citation depth behind them.

stackhighp.1p.5

AgentLocate uses a judge-plus-evaluators workflow with confidence-weighted aggregation to localize the responsible agent and earliest decisive failure step.

capabilityhighp.7p.7

The authors report stronger benchmark localization performance than existing baselines, including a large agent-level gain in a Qwen-7B setting.

inferencemediump.22p.22

The reported cost profile is moderate relative to some baselines, though still requires multiple evaluator calls and optional fine-tuning.

caveathighp.19p.4

The main caveats are weaker exact step localization on long trajectories and reliance on inferred rather than executed counterfactuals.

Related briefs

More plain-English summaries from the archive with nearby topics or operator relevance.

cs.CR

The Salami Slicing Threat: Exploiting Cumulative Risks in LLM Systems

Yihao Zhang et al.

cs.AI

Policy-Invisible Violations in LLM-Based Agents

Jie Wu, Ming Gong

cs.AI

GuardNet: Ensemble Strategies of Shallow Neural Networks for Robust Prompt Injection and Jailbreak Detection

Paulo Ricardo Ferreira Neves et al.

cs.CR

Adaptive Evaluation of Out-of-Band Defenses Against Prompt Injection in LLM Agents

Praneeth Narisetty et al.

Thank you to arXiv for use of its open access interoperability. This product was not reviewed or approved by, nor does it necessarily express or reflect the policies or opinions of, arXiv.
LightDark