![[2509.23519] ReliabilityRAG: Effective and Provably Robust Defense for RAG-based Web-Search](https://arxiv.org/static/browse/0.3.4/images/arxiv-logo-fb.png){kind=logo}
[2509.23519] ReliabilityRAG: Effective and Provably Robust Defense for RAG-based Web-Search
Summary
The paper introduces ReliabilityRAG, a framework designed to enhance the robustness of Retrieval-Augmented Generation (RAG) systems against adversarial attacks on retrieval corpora, utilizing reliability signals for improved defense mechanisms.
Why It Matters
As RAG systems become integral to AI applications, ensuring their resilience against adversarial threats is crucial. This research provides a novel approach to safeguarding these systems, which is increasingly relevant in the context of AI safety and security.
Key Takeaways
- ReliabilityRAG leverages reliability signals to filter out malicious documents in RAG systems.
- The framework introduces a graph-theoretic approach to identify a 'consistent majority' among retrieved documents.
- A novel algorithm based on Maximum Independent Set (MIS) enhances robustness against adversarial corruption.
- Empirical results show that ReliabilityRAG outperforms previous methods in both robustness and accuracy.
- The scalable framework addresses computational challenges while maintaining robustness guarantees.
Computer Science > Cryptography and Security arXiv:2509.23519 (cs) [Submitted on 27 Sep 2025 (v1), last revised 15 Feb 2026 (this version, v2)] Title:ReliabilityRAG: Effective and Provably Robust Defense for RAG-based Web-Search Authors:Zeyu Shen, Basileal Imana, Tong Wu, Chong Xiang, Prateek Mittal, Aleksandra Korolova View a PDF of the paper titled ReliabilityRAG: Effective and Provably Robust Defense for RAG-based Web-Search, by Zeyu Shen and 5 other authors View PDF HTML (experimental) Abstract:Retrieval-Augmented Generation (RAG) enhances Large Language Models by grounding their outputs in external documents. These systems, however, remain vulnerable to attacks on the retrieval corpus, such as prompt injection. RAG-based search systems (e.g., Google's Search AI Overview) present an interesting setting for studying and protecting against such threats, as defense algorithms can benefit from built-in reliability signals -- like document ranking -- and represent a non-LLM challenge for the adversary due to decades of work to thwart SEO. Motivated by, but not limited to, this scenario, this work introduces ReliabilityRAG, a framework for adversarial robustness that explicitly leverages reliability information of retrieved documents. Our first contribution adopts a graph-theoretic perspective to identify a "consistent majority" among retrieved documents to filter out malicious ones. We introduce a novel algorithm based on finding a Maximum Independent Set (MIS) on a documen...
