Human-Imperceptible Retrieval Poisoning Attacks in LLM-Powered Applications

arXiv:2404.17196v1 Announce Type: new
Abstract: Presently, with the assistance of advanced LLM application development frameworks, more and more LLM-powered applications can effortlessly augment the LLMs' knowledge with external content using the retrieval augmented generation (RAG) technique. However, these frameworks' designs do not have sufficient consideration of the risk of external content, thereby allowing attackers to undermine the applications developed with these frameworks. In this paper, we reveal a new threat to LLM-powered applications, termed retrieval poisoning, where attackers can guide …

advanced application application development applications arxiv assistance attacks can cs.ai cs.cr development external frameworks human knowledge llm llms poisoning poisoning attacks rag risk