A query-agnostic black-box attack uses zero-shot surrogate LLMs and adversarial learning on learnable queries to create transferable injection tokens that alter LLM retriever rankings.
Stealthrank: Llm ranking manipulation via stealthy prompt optimization.arXiv preprint arXiv:2504.05804
2 Pith papers cite this work. Polarity classification is still indexing.
fields
cs.CR 2years
2026 2verdicts
UNVERDICTED 2representative citing papers
Gradient-based and instruction-override prompt injections largely fail to survive retrieval and reranking in realistic RAG systems, while only LLM-driven injections remain effective end-to-end, and all attacks are detectable by a lightweight guard.
citing papers explorer
-
"Someone Hid It": Query-Agnostic Black-Box Attacks on LLM-Based Retrieval
A query-agnostic black-box attack uses zero-shot surrogate LLMs and adversarial learning on learnable queries to create transferable injection tokens that alter LLM retriever rankings.
-
Can It Reach the Generator? Investigating the Survival of Prompt-Injection Attacks in Realistic RAG Settings
Gradient-based and instruction-override prompt injections largely fail to survive retrieval and reranking in realistic RAG systems, while only LLM-driven injections remain effective end-to-end, and all attacks are detectable by a lightweight guard.