SilentRetrieval: Hijacking Retrieval-Augmented Generation via Semantically-Preserving Adversarial Data Poisoning
Researchers have developed "SilentRetrieval," a novel two-stage attack designed to compromise Retrieval-Augmented Generation (RAG) systems. This method uses adversarial data poisoning to inject manipulated documents that are semantically preserved and fluent, making them difficult to detect. The attack achieves high success rates in hijacking RAG outputs across various benchmarks and LLMs, even at low poisoning ratios, though defenses can mitigate its effectiveness at the cost of latency. AI
IMPACT Highlights a critical security vulnerability in RAG systems, potentially impacting the reliability and trustworthiness of AI-generated content.