{"ID":2857137,"CreatedAt":"2026-06-01T04:54:23.091178241Z","UpdatedAt":"2026-06-01T04:54:23.091178241Z","DeletedAt":null,"paper_url":"https://arxiv.org/abs/2510.13842","arxiv_id":"2510.13842","title":"ADMIT: Few-shot Knowledge Poisoning Attacks on RAG-based Fact Checking","abstract":"Knowledge poisoning poses a critical threat to Retrieval-Augmented Generation (RAG) systems by injecting adversarial content into knowledge bases, tricking Large Language Models (LLMs) into producing attacker-controlled outputs grounded in manipulated context. Prior work highlights LLMs' susceptibility to misleading or malicious retrieved content. However, real-world fact-checking scenarios are more challenging, as credible evidence typically dominates the retrieval pool. To investigate this problem, we extend knowledge poisoning to the fact-checking setting, where retrieved context includes authentic supporting or refuting evidence. We propose \\textbf{ADMIT} (\\textbf{AD}versarial \\textbf{M}ulti-\\textbf{I}njection \\textbf{T}echnique), a few-shot, semantically aligned poisoning attack that flips fact-checking decisions and induces deceptive justifications, all without access to the target LLMs, retrievers, or token-level control. Extensive experiments show that ADMIT transfers effectively across 4 retrievers, 11 LLMs, and 4 cross-domain benchmarks, achieving an average attack success rate (ASR) of 86\\% at an extremely low poisoning rate of $0.93 \\times 10^{-6}$, and remaining robust even in the presence of strong counter-evidence. Compared with prior state-of-the-art attacks, ADMIT improves ASR by 11.2\\% across all settings, exposing significant vulnerabilities in real-world RAG-based fact-checking systems.","short_abstract":"Knowledge poisoning poses a critical threat to Retrieval-Augmented Generation (RAG) systems by injecting adversarial content into knowledge bases, tricking Large Language Models (LLMs) into producing attacker-controlled outputs grounded in manipulated context. Prior work highlights LLMs' susceptibility to misleading or...","url_abs":"https://arxiv.org/abs/2510.13842","url_pdf":"https://arxiv.org/pdf/2510.13842v2","authors":"[\"Yutao Wu\",\"Xiao Liu\",\"Yinghui Li\",\"Yifeng Gao\",\"Yifan Ding\",\"Jiale Ding\",\"Xiang Zheng\",\"Xingjun Ma\"]","published":"2025-10-11T14:50:40Z","proceeding":"cs.CL","tasks":"[\"cs.CL\",\"cs.AI\",\"cs.CR\"]","methods":"[\"RAG\",\"Large Language Model\",\"Language Model\"]","has_code":false}