"And the answer will usually be, 'I haven't been able to', because there's a lack of access, lack of knowledge, lack of resources.
Dinosaur fossils in Brazil reveal new giant species,更多细节参见safew 官网入口
go install github.com/jrswab/axe@latest。关于这个话题,谷歌提供了深入分析
% Depth 2: \count10018-\count10026
The paper demonstrated 90% success against knowledge bases containing millions of documents, using gradient-optimized payloads. What I tested is a vocabulary-engineering approach — no optimization against the embedding model — against a 5-document corpus. The corpus is obviously smaller than what the paper evaluated, so the success rate isn’t directly comparable. The value of a small local lab is reproducibility and clarity of mechanism, not scale. In a real production knowledge base with hundreds of documents on the same topic, the attacker needs more poisoned documents to reliably dominate the top-k — but the attack remains viable. The PoisonedRAG authors showed that even at millions-of-documents scale, five crafted documents are sufficient when using their optimization approach.