{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2025:7WMM5URAYGU46URGER542NMCST","short_pith_number":"pith:7WMM5URA","schema_version":"1.0","canonical_sha256":"fd98ced220c1a9cf5226247bcd358294d9002ea391e607934a51c792ceb7f300","source":{"kind":"arxiv","id":"2502.17832","version":4},"attestation_state":"computed","paper":{"title":"MM-PoisonRAG: Disrupting Multimodal RAG with Local and Global Poisoning Attacks","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.AI","cs.CR","cs.CV"],"primary_cat":"cs.LG","authors_text":"Daniel Kang, Dimitrios Bralios, Heng Ji, Hyeonjeong Ha, Jeonghwan Kim, Kai-Wei Chang, Nanyun Peng, Qiusi Zhan, Saikrishna Sanniboina","submitted_at":"2025-02-25T04:23:59Z","abstract_excerpt":"Retrieval-augmented generation (RAG) has become a common practice in multimodal large language models (MLLM) to enhance factual grounding and reduce hallucination. Yet, its reliance on retrieval exposes MLLMs to knowledge poisoning attacks, in which adversaries deliberately inject malicious multimodal content into external knowledge bases to steer models toward generating incorrect or even harmful responses. We present MM-PoisonRAG, a framework to systematically study the vulnerability of multimodal RAG under knowledge poisoning. Specifically, we design two novel attack strategies: Localized P"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2502.17832","kind":"arxiv","version":4},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.LG","submitted_at":"2025-02-25T04:23:59Z","cross_cats_sorted":["cs.AI","cs.CR","cs.CV"],"title_canon_sha256":"aa6412854c3bdd091cd50c961f79e17773bf5944a9083578fae7d809d380891b","abstract_canon_sha256":"41892e5b4dd2b168f76a324908dd0e5c10a66fbf8687237427e3d353a21ae01f"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-28T01:04:26.933124Z","signature_b64":"0mElkx2GGVA6f3ZM+EuVIqkZNi+0xX+Nf2GCo86OHKJV6q5RglhE08fMtcaOPF4KPEGkNAzf9A9Km+zL12w2CQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"fd98ced220c1a9cf5226247bcd358294d9002ea391e607934a51c792ceb7f300","last_reissued_at":"2026-05-28T01:04:26.932461Z","signature_status":"signed_v1","first_computed_at":"2026-05-28T01:04:26.932461Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"MM-PoisonRAG: Disrupting Multimodal RAG with Local and Global Poisoning Attacks","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":["cs.AI","cs.CR","cs.CV"],"primary_cat":"cs.LG","authors_text":"Daniel Kang, Dimitrios Bralios, Heng Ji, Hyeonjeong Ha, Jeonghwan Kim, Kai-Wei Chang, Nanyun Peng, Qiusi Zhan, Saikrishna Sanniboina","submitted_at":"2025-02-25T04:23:59Z","abstract_excerpt":"Retrieval-augmented generation (RAG) has become a common practice in multimodal large language models (MLLM) to enhance factual grounding and reduce hallucination. Yet, its reliance on retrieval exposes MLLMs to knowledge poisoning attacks, in which adversaries deliberately inject malicious multimodal content into external knowledge bases to steer models toward generating incorrect or even harmful responses. We present MM-PoisonRAG, a framework to systematically study the vulnerability of multimodal RAG under knowledge poisoning. Specifically, we design two novel attack strategies: Localized P"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2502.17832","kind":"arxiv","version":4},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2502.17832/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2502.17832","created_at":"2026-05-28T01:04:26.932526+00:00"},{"alias_kind":"arxiv_version","alias_value":"2502.17832v4","created_at":"2026-05-28T01:04:26.932526+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2502.17832","created_at":"2026-05-28T01:04:26.932526+00:00"},{"alias_kind":"pith_short_12","alias_value":"7WMM5URAYGU4","created_at":"2026-05-28T01:04:26.932526+00:00"},{"alias_kind":"pith_short_16","alias_value":"7WMM5URAYGU46URG","created_at":"2026-05-28T01:04:26.932526+00:00"},{"alias_kind":"pith_short_8","alias_value":"7WMM5URA","created_at":"2026-05-28T01:04:26.932526+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":2,"internal_anchor_count":2,"sample":[{"citing_arxiv_id":"2603.09002","citing_title":"Security Considerations for Multi-agent Systems","ref_index":90,"is_internal_anchor":true},{"citing_arxiv_id":"2605.10253","citing_title":"Knowledge Poisoning Attacks on Medical Multi-Modal Retrieval-Augmented Generation","ref_index":59,"is_internal_anchor":true}]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/7WMM5URAYGU46URGER542NMCST","json":"https://pith.science/pith/7WMM5URAYGU46URGER542NMCST.json","graph_json":"https://pith.science/api/pith-number/7WMM5URAYGU46URGER542NMCST/graph.json","events_json":"https://pith.science/api/pith-number/7WMM5URAYGU46URGER542NMCST/events.json","paper":"https://pith.science/paper/7WMM5URA"},"agent_actions":{"view_html":"https://pith.science/pith/7WMM5URAYGU46URGER542NMCST","download_json":"https://pith.science/pith/7WMM5URAYGU46URGER542NMCST.json","view_paper":"https://pith.science/paper/7WMM5URA","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2502.17832&json=true","fetch_graph":"https://pith.science/api/pith-number/7WMM5URAYGU46URGER542NMCST/graph.json","fetch_events":"https://pith.science/api/pith-number/7WMM5URAYGU46URGER542NMCST/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/7WMM5URAYGU46URGER542NMCST/action/timestamp_anchor","attest_storage":"https://pith.science/pith/7WMM5URAYGU46URGER542NMCST/action/storage_attestation","attest_author":"https://pith.science/pith/7WMM5URAYGU46URGER542NMCST/action/author_attestation","sign_citation":"https://pith.science/pith/7WMM5URAYGU46URGER542NMCST/action/citation_signature","submit_replication":"https://pith.science/pith/7WMM5URAYGU46URGER542NMCST/action/replication_record"}},"created_at":"2026-05-28T01:04:26.932526+00:00","updated_at":"2026-05-28T01:04:26.932526+00:00"}