
arXiv:2510.00586v3 (Announce Type: replace)

Abstract: Existing data poisoning attacks on retrieval-augmented generation (RAG) systems scale poorly because they require costly optimization of poisoned documents for each target phrase. We introduce Eyes-on-Me, a modular attack that decomposes an adversarial document into reusable **Attention Attractors** and **Focus Regions**. Attractors are optimized to direct attention to the Focus Region. Attackers can then insert semantic baits for the retriever or malicious instructions for the generator, adapting to new targets at near zero cost. This is ach
The rapid deployment and increasing reliance on RAG systems in critical applications make the development of scalable poisoning attacks a timely and significant threat.
This research demonstrates a modular and scalable method for poisoning RAG systems, posing a significant security and reliability risk for AI applications and data integrity.
The cost and effort associated with executing RAG poisoning attacks are drastically reduced, enabling more widespread and adaptable adversarial actions against AI-powered systems.
- Malicious actors
- Cybersecurity defense firms (as demand for solutions increases)
- RAG system developers
- Organizations relying on RAG for sensitive applications
- AI-powered search and knowledge systems
Increased vulnerability of RAG-based AI applications to targeted misinformation and instruction manipulation.
Heightened need for robust adversarial training and validation mechanisms in AI development, potentially slowing deployment.
Erosion of trust in AI-generated information, leading to challenges in adoption for critical decision-making processes.
This signal links to a primary source. Continuum Brief monitors and indexes it as part of the live intelligence stream — we do not republish source content.
Read at arXiv cs.LG