AgentGuard: A Multi-Agent Framework for Robust Package Confusion Detection via Hybrid Search and Metadata-Content Fusion
New multi-agent system identifies malicious look-alike packages with up to 49% higher precision than current tools.
A research team led by Yu Li has introduced AgentGuard, a novel multi-agent AI framework designed to combat 'package confusion' attacks in open-source software (OSS) ecosystems. These attacks involve adversaries publishing malicious packages with names deceptively similar to legitimate ones (like 'requets' vs. 'requests'), tricking developers into downloading compromised code. Current detection methods rely on single signals—either lexical name similarity or semantic analysis—and suffer from high false positive rates, often flagging benign packages with similar names. AgentGuard addresses this by first using fine-tuned word embedding models with a hybrid similarity search to discover potential confusion targets.
It then employs a fused machine learning model that uniquely combines two analysis groups: multi-dimensional metadata (like publication dates, author info) and a novel package content analysis. This dual approach allows it to distinguish between genuinely malicious impersonations and benign packages that simply have similar names but different, legitimate code. Evaluated on challenging datasets like ConfuDB and NeupaneDB, AgentGuard significantly outperformed state-of-the-art baselines, ConfuGuard and Typomind. The framework demonstrated a precision improvement of 12% to 49% while simultaneously reducing false positive rates by 11% to 35%, marking a substantial leap in accurately identifying real threats without overwhelming developers with false alarms.
- Uses a multi-agent AI framework with hybrid search (lexical + semantic) to find suspicious packages.
- Fuses package metadata analysis with novel content analysis to cut false positives by up to 35%.
- Outperforms existing tools ConfuGuard and Typomind, improving detection precision by 12-49% on standard datasets.
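As an added illustration (not AgentGuard's code, and far simpler than its fine-tuned embedding search and fused classifier), the Python below sketches the two-stage idea the summary describes: a lexical pass finds candidate confusion targets by edit distance over normalized names, then metadata signals (author, first-release recency, release history) and a content-overlap proxy are fused into one score, so that a look-alike name backed by different, legitimate code is not flagged. The popular-package list, the two sample packages, the weights, the threshold and the `as_of` date are all constructed for this example, and `content_overlap` is a stand-in for a real package content analysis.

```python
"""Toy package-confusion screen: lexical candidate search fused with metadata signals."""
from dataclasses import dataclass
from datetime import date

# Constructed sample of popular packages that could be impersonated.
POPULAR_PACKAGES = {
    "requests": {"author": "psf", "first_release": date(2011, 2, 14)},
    "numpy": {"author": "numpy-devs", "first_release": date(2006, 12, 2)},
    "python-dateutil": {"author": "dateutil", "first_release": date(2003, 5, 1)},
    "urllib3": {"author": "urllib3", "first_release": date(2011, 1, 1)},
}

# Constructed weights and threshold; a real system would learn these.
WEIGHTS = {"lexical": 0.30, "author_mismatch": 0.15, "recency": 0.15,
           "thin_history": 0.10, "content": 0.30}
FLAG_THRESHOLD = 0.6


@dataclass
class PackageMeta:
    name: str
    author: str
    first_release: date
    release_count: int
    content_overlap: float  # 0..1, fraction of the target's code reproduced (proxy for content analysis)


def normalize_name(name: str) -> str:
    """Case-fold and unify separators, in the spirit of PEP 503 name normalization."""
    return name.lower().replace("_", "-").replace(".", "-")


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, adjacent transposition."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def lexical_candidates(name: str, max_distance: int = 2) -> list[tuple[str, int]]:
    """Stage 1: popular packages within max_distance edits of the name (the name itself excluded)."""
    norm = normalize_name(name)
    hits = []
    for target in POPULAR_PACKAGES:
        dist = osa_distance(norm, normalize_name(target))
        if 0 < dist <= max_distance:
            hits.append((target, dist))
    return sorted(hits, key=lambda h: h[1])


def risk_score(meta: PackageMeta, target: str, distance: int, as_of: date,
               max_distance: int = 2) -> float:
    """Stage 2: fuse lexical closeness, metadata signals and content overlap into one score."""
    target_meta = POPULAR_PACKAGES[target]
    lexical = (max_distance + 1 - distance) / (max_distance + 1)   # 1 edit -> 0.667, 2 edits -> 0.333
    author_mismatch = 1.0 if meta.author != target_meta["author"] else 0.0
    recency = 1.0 if (as_of - meta.first_release).days <= 90 else 0.0  # brand-new publication
    thin_history = 1.0 if meta.release_count <= 2 else 0.0            # almost no release history
    score = (WEIGHTS["lexical"] * lexical
             + WEIGHTS["author_mismatch"] * author_mismatch
             + WEIGHTS["recency"] * recency
             + WEIGHTS["thin_history"] * thin_history
             + WEIGHTS["content"] * meta.content_overlap)
    return round(score, 3)


def assess(meta: PackageMeta, as_of: date) -> list[dict]:
    """Run both stages; each candidate target gets a score and a verdict."""
    results = []
    for target, dist in lexical_candidates(meta.name):
        score = risk_score(meta, target, dist, as_of)
        verdict = "flag" if score >= FLAG_THRESHOLD else "benign-similar"
        results.append({"target": target, "distance": dist, "score": score, "verdict": verdict})
    return results


if __name__ == "__main__":
    as_of = date(2024, 6, 1)  # constructed evaluation date
    # Constructed: new, single-release package by an unknown author that mirrors the target's code.
    suspicious = PackageMeta("requets", "newacct", date(2024, 5, 25), 1, 0.9)
    # Constructed: long-lived, actively released package whose code has little in common with urllib3.
    lookalike = PackageMeta("urllib4", "someone", date(2021, 3, 1), 15, 0.05)
    for pkg in (suspicious, lookalike):
        print(pkg.name, assess(pkg, as_of))
```

The second sample is the case the summary stresses: a name one edit away from a popular package would trip a lexical-only check, but its long release history and near-zero content overlap keep the fused score below the threshold, which is the false-positive reduction the metadata-content fusion is meant to deliver.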
Why It Matters
Directly secures the software supply chain by making it much harder for attackers to sneak malicious code into projects via trusted repositories.