NeFut Logo NeFut
Admin Login

[CS.AI] FORGE: Hijacking Attacks on Deep Research Agents

Published at: 2026-07-08 22:00 Last updated: 2026-07-09 03:23
#algorithm #AI #DeepSeek

Deep research agents decompose open-ended queries into subtasks, retrieve web evidence over multiple rounds, and synthesize long-form reports. This workflow creates a planning-layer poisoning surface: adversarial documents that enter the retrieval pool can steer follow-up questions and turn a local injection into report-level contamination. We present FORGE (Fabricated Orchestrated Reasoning chain for aGent Exploitation), a two-level attack that combines intra-document reasoning fabrication with inter-document chain coordination to hijack subtask planning.

We further introduce the PRISM metric, which weights infected report claims by cognitive type, and Root Query Anchoring, a lightweight defense that ties recursive follow-up generation to the root query. Across 25 queries, Network FORGE reaches 26.4% PRISM with five injected documents and exhibits depth migration, in which recursive synthesis shifts poisoned content from overt framing into factual premises. On the 10-query defense subset, RQA (Root Query Anchoring) reduces PRISM from 38.5% to 18.3%.

Blogger's Review: The FORGE attack presented in this paper highlights the potential threats faced by deep learning systems, especially in the context of information retrieval and generation. Through precise attack design, FORGE not only reveals vulnerabilities in deep research agents but also provides important insights for future defense mechanisms.

Original Source: https://arxiv.org/abs/2607.04718

[h] Back to Home