Exploiting RAG Systems: Topic-Based Opinion Manipulation

Uncovering new vulnerabilities in retrieval-augmented LLMs

This research reveals how Retrieval-Augmented Generation (RAG) systems can be manipulated to spread biased information across multiple related queries, presenting significant security challenges.

  • Demonstrates that attackers can poison knowledge bases to systematically manipulate opinions on entire topics
  • Introduces a novel Topic-FlipRAG attack framework that targets interconnected queries rather than isolated facts
  • Shows higher success rates for opinion manipulation (76.2%) compared to traditional attacks
  • Proposes countermeasures to identify and mitigate knowledge poisoning attacks

As RAG systems increasingly influence information dissemination and public opinion, these findings highlight critical security vulnerabilities that must be addressed before widespread deployment in sensitive domains.

Topic-FlipRAG: Topic-Orientated Adversarial Opinion Manipulation Attacks to Retrieval-Augmented Generation Models
