[2603.00172] Hidden in the Metadata: Stealth Poisoning Attacks on Multimodal Retrieval-Augmented Generation

Computer Science > Cryptography and Security arXiv:2603.00172 (cs) [Submitted on 26 Feb 2026] Title:Hidden in the Metadata: Stealth Poisoning Attacks on Multimodal Retrieval-Augmented Generation Authors:Kennedy Edemacu, Mohammad Mahdi Shokri View a PDF of the paper titled Hidden in the Metadata: Stealth Poisoning Attacks on Multimodal Retrieval-Augmented Generation, by Kennedy Edemacu and 1 other authors View PDF HTML (experimental) Abstract:Retrieval-augmented generation (RAG) has emerged as a powerful paradigm for enhancing multimodal large language models by grounding their responses in external, factual knowledge and thus mitigating hallucinations. However, the integration of externally sourced knowledge bases introduces a critical attack surface. Adversaries can inject malicious multimodal content capable of influencing both retrieval and downstream generation. In this work, we present MM-MEPA, a multimodal poisoning attack that targets the metadata components of image-text entries while leaving the associated visual content unaltered. By only manipulating the metadata, MM-MEPA can still steer multimodal retrieval and induce attacker-desired model responses. We evaluate the attack across multiple benchmark settings and demonstrate its severity. MM-MEPA achieves an attack success rate of up to 91\% consistently disrupting system behaviors across four retrievers and two multimodal generators. Additionally, we assess representative defense strategies and find them largel...