Superseded baseline · #113 of 1,179 most-superseded
AgentPoison
AgentPoison: Red-teaming LLM Agents via Poisoning Memory or Knowledge Bases · Retrieval-augmented generation · first seen Jul 17, 2024
superseded — cited as a baseline and beaten by newer methods
1 paper critiques it · 1 beats it on benchmarks
What papers say
Verbatim critique sentences, each from a paper that cites AgentPoison as a baseline.
“these methods inevitably introduce abnormal inference behaviors and new security risks to the deployed LLMs as these distinctive behaviors are generating incorrect results on particular verification prompts/questions”
— Towards Copyright Protection for Knowledge Bases of Retrieval-augmented Language Models via Reasoning
Beaten on benchmarks
Head-to-head results where a newer method reports beating AgentPoison. Values are copied from the source paper's tables — verify against the cited paper.
- Towards Copyright Protection for Knowledge Bases of Retrieval-augmented Language Models via Reasoning
[name]-O beats AgentPoison · H [NQ dataset]
0.17 vs 0.87
- Towards Copyright Protection for Knowledge Bases of Retrieval-augmented Language Models via Reasoning
[name]-O beats AgentPoison · H [HotpotQA dataset]
0.10 vs 0.86
- Towards Copyright Protection for Knowledge Bases of Retrieval-augmented Language Models via Reasoning
[name]-O beats AgentPoison · H [MS-MARCO dataset]
0.15 vs 0.85
Newer alternatives
Recent methods in the same sub-problem, not yet superseded in the knowledge base.
- DiscourseFlip · DiscourseFlip: An Oblique Discourse-Level Opinion Manipulation Attack against Black-box Retrieval-Augmented Generation · May 31, 2026
- SilentRetrieval · SilentRetrieval: Hijacking Retrieval-Augmented Generation via Semantically-Preserving Adversarial Data Poisoning · May 27, 2026
- Deceptive Evolutionary Jamming Attack (DEJA) · Beyond Explicit Refusals: Soft-Failure Attacks on Retrieval-Augmented Generation · Apr 20, 2026
- Apr 3, 2026
- Mar 12, 2026
- Feb 6, 2026
- SD-RAG · SD-RAG: A Prompt-Injection-Resilient Framework for Selective Disclosure in Retrieval-Augmented Generation · Jan 16, 2026
- RIPRAG · RIPRAG: Hack a Black-box Retrieval-Augmented Generation Question-Answering System with Reinforcement Learning · Oct 11, 2025