While LLM-based Multi-Agent Systems (MAS) demonstrate remarkable problem-solving capabilities, their interconnectivity acts as a conduit for the rapid spread of malicious injections. Addressing the limitations of static defenses, we present TopoSHIELD, a framework that reshapes the flow of malice via risk-aware topological evolution. Our approach utilizes a spatio-temporal graph neural network to monitor interaction dynamics, calculating node risk entropy (NRE) and edge attack conductivity (EAC) to pinpoint vulnerabilities. Guided by these metrics, TopoSHIELD executes precise structural interventions, pruning high-risk edges and isolating compromised communities to block attack diffusion. Empirically, TopoSHIELD reduces toxicity by 58% on GPT-4o while preserving high utility (>90% success rate), outperforming existing baselines in both suppression efficiency and scalability.

Large Language Models (LLMs) for code generation can replicate insecure patterns from their training data. To mitigate this, a common strategy for security hardening is to fine-tune models using supervision derived from the final transformer layer. However, this design may suffer from a final-layer bottleneck: vulnerability-discriminative cues can be distributed across layers and become less detectable near the output representations optimized for next-token prediction. To diagnose this issue, we perform layer-wise linear probing. We observe that vulnerability-related signals are most detectable in a band of intermediate-to-upper layers yet attenuate toward the final layers. Motivated by this observation, we introduce DeepGuard, a framework that leverages distributed security-relevant cues by aggregating representations from multiple upper layers via an attention-based module. The aggregated signal powers a dedicated security analyzer within a multi-objective training objective that balances security enhancement and functional correctness, and further supports a lightweight inference-time steering strategy. Extensive experiments across five code LLMs demonstrate that DeepGuard improves the secure-and-correct generation rate by an average of 11.9% over strong baselines such as SVEN. It also preserves functional correctness while exhibiting generalization to held-out vulnerability types.