{"id":"https://openalex.org/W7130719049","doi":"https://doi.org/10.48550/arxiv.2602.16752","title":"The Vulnerability of LLM Rankers to Prompt Injection Attacks","display_name":"The Vulnerability of LLM Rankers to Prompt Injection Attacks","publication_year":2026,"publication_date":"2026-02-18","ids":{"openalex":"https://openalex.org/W7130719049","doi":"https://doi.org/10.48550/arxiv.2602.16752"},"language":null,"primary_location":{"id":"pmh:doi:10.48550/arxiv.2602.16752","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":null,"any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5126519581","display_name":"Yu Yin","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Yin, Yu","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126498237","display_name":"Shuai Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Shuai","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126522991","display_name":"Bevan Koopman","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Koopman, Bevan","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5124948006","display_name":"Guido Zuccon","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zuccon, Guido","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5126519581"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.23119999468326569,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.23119999468326569,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.17910000681877136,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.1289999932050705,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.7885000109672546},{"id":"https://openalex.org/keywords/ranking","display_name":"Ranking (information retrieval)","score":0.7080000042915344},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.5254999995231628},{"id":"https://openalex.org/keywords/resilience","display_name":"Resilience (materials science)","score":0.48080000281333923},{"id":"https://openalex.org/keywords/empirical-research","display_name":"Empirical research","score":0.4415999948978424},{"id":"https://openalex.org/keywords/vulnerability-management","display_name":"Vulnerability management","score":0.36079999804496765},{"id":"https://openalex.org/keywords/quality","display_name":"Quality (philosophy)","score":0.3587000072002411}],"concepts":[{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.7885000109672546},{"id":"https://openalex.org/C189430467","wikidata":"https://www.wikidata.org/wiki/Q7293293","display_name":"Ranking (information retrieval)","level":2,"score":0.7080000042915344},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6223999857902527},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.5254999995231628},{"id":"https://openalex.org/C2779585090","wikidata":"https://www.wikidata.org/wiki/Q3457762","display_name":"Resilience (materials science)","level":2,"score":0.48080000281333923},{"id":"https://openalex.org/C120936955","wikidata":"https://www.wikidata.org/wiki/Q2155640","display_name":"Empirical research","level":2,"score":0.4415999948978424},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.4172999858856201},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.40119999647140503},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.36079999804496765},{"id":"https://openalex.org/C2779530757","wikidata":"https://www.wikidata.org/wiki/Q1207505","display_name":"Quality (philosophy)","level":2,"score":0.3587000072002411},{"id":"https://openalex.org/C2781249084","wikidata":"https://www.wikidata.org/wiki/Q908656","display_name":"Preference","level":2,"score":0.3513999879360199},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.34299999475479126},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.3375999927520752},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3328000009059906},{"id":"https://openalex.org/C198082294","wikidata":"https://www.wikidata.org/wiki/Q3399648","display_name":"Position (finance)","level":2,"score":0.33009999990463257},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.3091000020503998},{"id":"https://openalex.org/C166052673","wikidata":"https://www.wikidata.org/wiki/Q83021","display_name":"Empirical evidence","level":2,"score":0.29660001397132874},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.295199990272522},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.26010000705718994},{"id":"https://openalex.org/C31170391","wikidata":"https://www.wikidata.org/wiki/Q188619","display_name":"Hierarchy","level":2,"score":0.2531999945640564}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:doi:10.48550/arxiv.2602.16752","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},{"id":"doi:10.48550/arxiv.2602.16752","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2602.16752","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:doi:10.48550/arxiv.2602.16752","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"sustainable_development_goals":[{"score":0.5950518846511841,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Large":[0],"Language":[1],"Models":[2],"(LLMs)":[3],"have":[4],"emerged":[5],"as":[6,167],"powerful":[7],"re-rankers.":[8],"Recent":[9],"research":[10],"has":[11],"however":[12],"showed":[13],"that":[14,168],"simple":[15],"prompt":[16,25,72],"injections":[17],"embedded":[18],"within":[19],"a":[20,66],"candidate":[21],"document":[22],"(i.e.,":[23],"jailbreak":[24,71,176],"attacks)":[26],"can":[27],"significantly":[28],"alter":[29],"an":[30],"LLM's":[31],"ranking":[32,42,116],"decisions.":[33],"While":[34],"this":[35,48,62],"poses":[36],"serious":[37],"security":[38],"risks":[39],"to":[40,46,140,175],"LLM-based":[41],"pipelines,":[43],"the":[44,103,107,138,157],"extent":[45],"which":[47],"vulnerability":[49,142],"persists":[50],"across":[51,144],"diverse":[52],"LLM":[53,75],"families,":[54,146],"architectures,":[55,150],"and":[56,97,128,151,183],"settings":[57],"remains":[58],"largely":[59],"under-explored.":[60],"In":[61],"paper,":[63],"we":[64,136],"present":[65],"comprehensive":[67],"empirical":[68],"study":[69],"of":[70,160],"attacks":[73],"against":[74],"rankers.":[76],"We":[77,111,178],"focus":[78],"our":[79,181],"evaluation":[80],"on":[81,106],"two":[82,122],"complementary":[83],"tasks:":[84],"(1)":[85],"Preference":[86],"Vulnerability":[87,100],"Assessment,":[88,101],"measuring":[89],"intrinsic":[90],"susceptibility":[91],"via":[92],"attack":[93],"success":[94],"rate":[95],"(ASR);":[96],"(2)":[98],"Ranking":[99],"quantifying":[102],"operational":[104],"impact":[105],"ranking's":[108],"quality":[109],"(nDCG@10).":[110],"systematically":[112],"examine":[113],"three":[114],"prevalent":[115],"paradigms":[117],"(pairwise,":[118],"listwise,":[119],"setwise)":[120],"under":[121],"injection":[123],"variants:":[124],"decision":[125,129],"objective":[126],"hijacking":[127],"criteria":[130],"hijacking.":[131],"Beyond":[132],"reproducing":[133],"prior":[134],"findings,":[135],"expand":[137],"analysis":[139],"cover":[141],"scaling":[143],"model":[145],"position":[147],"sensitivity,":[148],"backbone":[149],"cross-domain":[152],"robustness.":[153],"Our":[154],"results":[155,186],"characterize":[156],"boundary":[158],"conditions":[159],"these":[161],"vulnerabilities,":[162],"revealing":[163],"critical":[164],"insights":[165],"such":[166],"encoder-decoder":[169],"architectures":[170],"exhibit":[171],"strong":[172],"inherent":[173],"resilience":[174],"attacks.":[177],"publicly":[179],"release":[180],"code":[182],"additional":[184],"experimental":[185],"at":[187],"https://github.com/ielab/LLM-Ranker-Attack.":[188]},"counts_by_year":[],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2026-02-21T00:00:00"}