Trigger as Entity: Backdoor Attacks to Graph-Based Retrieval-Augmented Generation of Large Language Models
Summary
Researchers discovered a new security vulnerability in graph-based RAG (retrieval-augmented generation, where an AI system pulls information from external knowledge graphs to answer questions) systems used with large language models. Attackers can poison the external database by inserting hidden triggers and false information into the knowledge graph, causing the AI to give wrong answers when those triggers appear in user queries while still answering normal questions correctly. The attack uses three types of triggers at different complexity levels, from simple words to semantic patterns, and tests showed the attack works across multiple AI systems.
Classification
Related Issues
Original source: http://ieeexplore.ieee.org/document/11547227
First tracked: June 18, 2026 at 08:03 PM
Classified by LLM (prompt v3) · confidence: 92%