Conflict-Aware Retriever Editing for Knowledge Injection Attacks on LLM-Based RAG Systems
Researchers have developed CAREATTACK, a novel framework for injecting malicious knowledge into retrieval-augmented generation (RAG) systems. This model-centric attack targets the dense retrieval model's parameters, promoting harmful information over benign evidence. CAREATTACK includes stages for conflict-aware editing and anchor repair to ensure attack effectiveness while minimizing impact on non-target prompts. Demonstrated on Qwen3-Embedding-0.6B and BGE-M3, the method successfully manipulates RAG systems, highlighting a significant security vulnerability in applications built on open-source retrieval models. AI
IMPACT This research reveals a practical attack surface in RAG systems, potentially impacting the security and reliability of AI applications.