Fact2Fiction: Targeted Poisoning Attack to Agentic Fact-checking System
This work addresses a critical security problem for fact-checking systems that combat misinformation, exposing vulnerabilities that could amplify false information.
This paper tackles the security of state-of-the-art fact-checking systems by introducing a novel poisoning attack framework called Fact2Fiction, which achieves 8.9% to 21.2% higher attack success rates than existing attacks across various poisoning budgets.
State-of-the-art (SOTA) fact-checking systems combat misinformation by employing autonomous LLM-based agents to decompose complex claims into smaller sub-claims, verify each sub-claim individually, and aggregate the partial results to produce verdicts with justifications (explanations for the verdicts). The security of these systems is crucial, as compromised fact-checkers can amplify misinformation, but remains largely underexplored. To bridge this gap, this work introduces a novel threat model against such fact-checking systems and presents \textsc{Fact2Fiction}, the first poisoning attack framework targeting SOTA agentic fact-checking systems. Fact2Fiction employs LLMs to mimic the decomposition strategy and exploit system-generated justifications to craft tailored malicious evidences that compromise sub-claim verification. Extensive experiments demonstrate that Fact2Fiction achieves 8.9\%--21.2\% higher attack success rates than SOTA attacks across various poisoning budgets and exposes security weaknesses in existing fact-checking systems, highlighting the need for defensive countermeasures.