3 Multi-agent pipelines and orchestration

In the previous chapter, we established the definition of an AI agent: a decision-making entity that reasons, acts through tools, and records its behavior as artifacts. We created a triage agent operating within a clearly defined scope. However, real offensive security workflows rarely stop at a single decision point. Reconnaissance feeds triage. Triage feeds prioritization. Prioritization feeds testing, reporting, or escalation. Each stage produces artifacts that shape what happens next. Attempting to collapse this process into a single “smart” agent results in brittle systems, opaque behavior, and failures that are difficult to diagnose or defend against.

3.1 Why multi-agent systems?

3.2 Multi-agent mental model

3.3 Artifacts as agent interfaces

3.4 Artifact provenance, replay, and auditability

3.5 Agent orchestration and execution control

3.5.1 What the orchestrator does

3.5.2 3.6.2 Why do we need an orchestrator?

3.6 Shared state and memory boundaries

3.7 Safety gates and authorization control

3.7.1 Applying safety gates in multi-agent systems

3.7.2 Human in the loop

3.8 Error handling and resilience

3.8.1 Retry logic and exponential backoff

3.8.2 Checkpointing

3.8.3 Error classes and mitigation strategies

3.8.4 Monitoring, metrics, and alerts

3.8.5 Building confidence in AI agents through resilience

3.9 Metric visualization and auditing AI agents

3.9.1 Generating simple traces

3.9.2 Graph-based views

3.9.3 Correlating artifacts and logs

3.9.4 Defense through transparency

3.9.5 Practical visualization tips

3.10 Reconnaissance multi-agent pipeline

3.10.1 Pipeline overview

3.10.2 ReconNormalizeAgent

3.10.3 TriageAgent

3.10.4 ReportAgent

3.11 Failure modes in multi-agent systems