TL;DR
This paper introduces TPARAG, a novel token-level attack method on RAG systems that effectively manipulates outputs by targeting both retrieval and generation stages, exposing critical security vulnerabilities.
Contribution
The paper presents TPARAG, a new framework for attacking RAG models at the token level, effective in both white-box and black-box scenarios, surpassing previous methods.
Findings
TPARAG achieves higher attack success rates than prior approaches.
The method exposes vulnerabilities in RAG pipelines.
Experimental results demonstrate robustness of TPARAG across datasets.
Abstract
While large language models (LLMs) have achieved remarkable success in providing trustworthy responses for knowledge-intensive tasks, they still face critical limitations such as hallucinations and outdated knowledge. To address these issues, the retrieval-augmented generation (RAG) framework enhances LLMs with access to external knowledge via a retriever, enabling more accurate and real-time outputs about the latest events. However, this integration brings new security vulnerabilities: the risk that malicious content in the external database can be retrieved and used to manipulate model outputs. Although prior work has explored attacks on RAG systems, existing approaches either rely heavily on access to the retriever or fail to jointly consider both retrieval and generation stages, limiting their effectiveness, particularly in black-box scenarios. To overcome these limitations, we…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
