
Poisoning the Well: RAG System Vulnerabilities
A new efficient attack method threatens retrieval-based AI systems
This research introduces DIGA (Deterministic Influential tokens Guided Attack), a novel black-box attack that efficiently poisons corpora used by retrieval-augmented generation systems.
- Creates adversarial passages that manipulate retrieval results with minimal computation
- Achieves 93.5% attack success rate while being 7.8× faster than existing methods
- Requires no training or gradient computation, making it highly accessible to attackers
- Exploits the vulnerability of token-level influence in dense retrievers
This research highlights critical security vulnerabilities in RAG systems, which are increasingly deployed in enterprise environments. Organizations implementing retrieval-augmented AI must address these threats through robust defense mechanisms and content validation.
Tricking Retrievers with Influential Tokens: An Efficient Black-Box Corpus Poisoning Attack