Saved in:
Bibliographic Details
Main Authors: He, Haorui, Li, Yupeng, Zhu, Bin Benjamin, Wen, Dacheng, Cheng, Reynold, Lau, Francis C. M.
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2508.06059
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866908658681511936
author He, Haorui
Li, Yupeng
Zhu, Bin Benjamin
Wen, Dacheng
Cheng, Reynold
Lau, Francis C. M.
author_facet He, Haorui
Li, Yupeng
Zhu, Bin Benjamin
Wen, Dacheng
Cheng, Reynold
Lau, Francis C. M.
contents State-of-the-art (SOTA) fact-checking systems combat misinformation by employing autonomous LLM-based agents to decompose complex claims into smaller sub-claims, verify each sub-claim individually, and aggregate the partial results to produce verdicts with justifications (explanations for the verdicts). The security of these systems is crucial, as compromised fact-checkers can amplify misinformation, but remains largely underexplored. To bridge this gap, this work introduces a novel threat model against such fact-checking systems and presents \textsc{Fact2Fiction}, the first poisoning attack framework targeting SOTA agentic fact-checking systems. Fact2Fiction employs LLMs to mimic the decomposition strategy and exploit system-generated justifications to craft tailored malicious evidences that compromise sub-claim verification. Extensive experiments demonstrate that Fact2Fiction achieves 8.9\%--21.2\% higher attack success rates than SOTA attacks across various poisoning budgets and exposes security weaknesses in existing fact-checking systems, highlighting the need for defensive countermeasures.
format Preprint
id arxiv_https___arxiv_org_abs_2508_06059
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Fact2Fiction: Targeted Poisoning Attack to Agentic Fact-checking System
He, Haorui
Li, Yupeng
Zhu, Bin Benjamin
Wen, Dacheng
Cheng, Reynold
Lau, Francis C. M.
Cryptography and Security
Computation and Language
State-of-the-art (SOTA) fact-checking systems combat misinformation by employing autonomous LLM-based agents to decompose complex claims into smaller sub-claims, verify each sub-claim individually, and aggregate the partial results to produce verdicts with justifications (explanations for the verdicts). The security of these systems is crucial, as compromised fact-checkers can amplify misinformation, but remains largely underexplored. To bridge this gap, this work introduces a novel threat model against such fact-checking systems and presents \textsc{Fact2Fiction}, the first poisoning attack framework targeting SOTA agentic fact-checking systems. Fact2Fiction employs LLMs to mimic the decomposition strategy and exploit system-generated justifications to craft tailored malicious evidences that compromise sub-claim verification. Extensive experiments demonstrate that Fact2Fiction achieves 8.9\%--21.2\% higher attack success rates than SOTA attacks across various poisoning budgets and exposes security weaknesses in existing fact-checking systems, highlighting the need for defensive countermeasures.
title Fact2Fiction: Targeted Poisoning Attack to Agentic Fact-checking System
topic Cryptography and Security
Computation and Language
url https://arxiv.org/abs/2508.06059