DECEIVE-AFC: Adversarial Claim Attacks against Search-Enabled LLM-based Fact-Checking Systems

TL;DR

This paper introduces DECEIVE-AFC, an adversarial attack framework that exposes vulnerabilities in search-enabled LLM-based fact-checking systems by disrupting evidence retrieval and reasoning, significantly reducing their accuracy.

Contribution

The paper presents a novel agent-based attack framework that effectively compromises search-enabled fact-checking systems without internal access, highlighting their robustness weaknesses.

Findings

Attacks reduce verification accuracy from 78.7% to 53.7%.

Proposed method outperforms existing attack baselines.

Attacks transfer effectively across different systems.

Abstract

Fact-checking systems with search-enabled large language models (LLMs) have shown strong potential for verifying claims by dynamically retrieving external evidence. However, the robustness of such systems against adversarial attack remains insufficiently understood. In this work, we study adversarial claim attacks against search-enabled LLM-based fact-checking systems under a realistic input-only threat model. We propose DECEIVE-AFC, an agent-based adversarial attack framework that integrates novel claim-level attack strategies and adversarial claim validity evaluation principles. DECEIVE-AFC systematically explores adversarial attack trajectories that disrupt search behavior, evidence retrieval, and LLM-based reasoning without relying on access to evidence sources or model internals. Extensive evaluations on benchmark datasets and real-world systems demonstrate that our attacks substantially degrade verification performance, reducing accuracy from 78.7% to 53.7%, and significantly outperform existing claim-based attack baselines with strong cross-system transferability.