Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Preprint |
| Published: |
2025
|
| Subjects: | |
| Online Access: | https://arxiv.org/abs/2508.06059 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1866908658681511936 |
|---|---|
| author | He, Haorui Li, Yupeng Zhu, Bin Benjamin Wen, Dacheng Cheng, Reynold Lau, Francis C. M. |
| author_facet | He, Haorui Li, Yupeng Zhu, Bin Benjamin Wen, Dacheng Cheng, Reynold Lau, Francis C. M. |
| contents | State-of-the-art (SOTA) fact-checking systems combat misinformation by employing autonomous LLM-based agents to decompose complex claims into smaller sub-claims, verify each sub-claim individually, and aggregate the partial results to produce verdicts with justifications (explanations for the verdicts). The security of these systems is crucial, as compromised fact-checkers can amplify misinformation, but remains largely underexplored. To bridge this gap, this work introduces a novel threat model against such fact-checking systems and presents \textsc{Fact2Fiction}, the first poisoning attack framework targeting SOTA agentic fact-checking systems. Fact2Fiction employs LLMs to mimic the decomposition strategy and exploit system-generated justifications to craft tailored malicious evidences that compromise sub-claim verification. Extensive experiments demonstrate that Fact2Fiction achieves 8.9\%--21.2\% higher attack success rates than SOTA attacks across various poisoning budgets and exposes security weaknesses in existing fact-checking systems, highlighting the need for defensive countermeasures. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2508_06059 |
| institution | arXiv |
| publishDate | 2025 |
| record_format | arxiv |
| spellingShingle | Fact2Fiction: Targeted Poisoning Attack to Agentic Fact-checking System He, Haorui Li, Yupeng Zhu, Bin Benjamin Wen, Dacheng Cheng, Reynold Lau, Francis C. M. Cryptography and Security Computation and Language State-of-the-art (SOTA) fact-checking systems combat misinformation by employing autonomous LLM-based agents to decompose complex claims into smaller sub-claims, verify each sub-claim individually, and aggregate the partial results to produce verdicts with justifications (explanations for the verdicts). The security of these systems is crucial, as compromised fact-checkers can amplify misinformation, but remains largely underexplored. To bridge this gap, this work introduces a novel threat model against such fact-checking systems and presents \textsc{Fact2Fiction}, the first poisoning attack framework targeting SOTA agentic fact-checking systems. Fact2Fiction employs LLMs to mimic the decomposition strategy and exploit system-generated justifications to craft tailored malicious evidences that compromise sub-claim verification. Extensive experiments demonstrate that Fact2Fiction achieves 8.9\%--21.2\% higher attack success rates than SOTA attacks across various poisoning budgets and exposes security weaknesses in existing fact-checking systems, highlighting the need for defensive countermeasures. |
| title | Fact2Fiction: Targeted Poisoning Attack to Agentic Fact-checking System |
| topic | Cryptography and Security Computation and Language |
| url | https://arxiv.org/abs/2508.06059 |