{"id":"https://openalex.org/W7156575627","doi":"https://doi.org/10.48550/arxiv.2604.23483","title":"Agentic Adversarial Rewriting Exposes Architectural Vulnerabilities in Black-Box NLP Pipelines","display_name":"Agentic Adversarial Rewriting Exposes Architectural Vulnerabilities in Black-Box NLP Pipelines","publication_year":2026,"publication_date":"2026-04-26","ids":{"openalex":"https://openalex.org/W7156575627","doi":"https://doi.org/10.48550/arxiv.2604.23483"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.23483","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.23483","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.23483","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5013922720","display_name":"Mazal Bethany","orcid":"https://orcid.org/0000-0002-3227-9806"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Bethany, Mazal","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134786420","display_name":"Kim-Kwang Raymond Choo","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Choo, Kim-Kwang Raymond","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5083805756","display_name":"Nishant Vishwamitra","orcid":"https://orcid.org/0000-0002-3728-1921"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Vishwamitra, Nishant","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5017210698","display_name":"Peyman Najafirad","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Najafirad, Peyman","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.7642999887466431,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.7642999887466431,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.09510000050067902,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10181","display_name":"Natural Language Processing Techniques","score":0.017000000923871994,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.7846999764442444},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7599999904632568},{"id":"https://openalex.org/keywords/rewriting","display_name":"Rewriting","score":0.5472999811172485},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.4934000074863434},{"id":"https://openalex.org/keywords/pipeline","display_name":"Pipeline (software)","score":0.3865000009536743},{"id":"https://openalex.org/keywords/language-model","display_name":"Language model","score":0.3695000112056732},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.366100013256073}],"concepts":[{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.7846999764442444},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7730000019073486},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7599999904632568},{"id":"https://openalex.org/C154690210","wikidata":"https://www.wikidata.org/wiki/Q1668499","display_name":"Rewriting","level":2,"score":0.5472999811172485},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.4934000074863434},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.42800000309944153},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4074999988079071},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.3865000009536743},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.3695000112056732},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.366100013256073},{"id":"https://openalex.org/C195324797","wikidata":"https://www.wikidata.org/wiki/Q33742","display_name":"Natural language","level":2,"score":0.36329999566078186},{"id":"https://openalex.org/C12725497","wikidata":"https://www.wikidata.org/wiki/Q810247","display_name":"Baseline (sea)","level":2,"score":0.35120001435279846},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3479999899864197},{"id":"https://openalex.org/C175309249","wikidata":"https://www.wikidata.org/wiki/Q725864","display_name":"Pipeline transport","level":2,"score":0.32100000977516174},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.3206000030040741},{"id":"https://openalex.org/C48372109","wikidata":"https://www.wikidata.org/wiki/Q3913","display_name":"Binary number","level":2,"score":0.3100999891757965},{"id":"https://openalex.org/C2778403875","wikidata":"https://www.wikidata.org/wiki/Q20312394","display_name":"Adversarial machine learning","level":3,"score":0.2865000069141388},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.27059999108314514},{"id":"https://openalex.org/C103613024","wikidata":"https://www.wikidata.org/wiki/Q230924","display_name":"Stateless protocol","level":3,"score":0.2619999945163727},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.260699987411499}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.23483","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.23483","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.23483","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.23483","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.8112573623657227}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Multi-component":[0],"natural":[1],"language":[2,95],"processing":[3],"(NLP)":[4],"pipelines":[5],"are":[6],"increasingly":[7],"deployed":[8],"for":[9,105],"high-stakes":[10],"decisions,":[11],"yet":[12],"no":[13,26],"existing":[14],"adversarial":[15],"method":[16],"can":[17],"test":[18],"their":[19],"robustness":[20],"under":[21,118],"realistic":[22],"conditions:":[23],"binary-only":[24],"feedback,":[25],"gradient":[27],"access,":[28],"and":[29,40,160],"strict":[30,36],"query":[31],"budgets.":[32],"We":[33],"formalize":[34],"this":[35],"black-box":[37],"threat":[38,120],"model":[39,96],"propose":[41],"a":[42,48,59,73,135],"two-agent":[43],"evasion":[44,86,186,209],"framework":[45,84],"operating":[46],"in":[47],"semantic":[49],"perturbation":[50,107],"space.":[51],"An":[52],"Attacker":[53],"Agent":[54,62],"generates":[55],"meaning-preserving":[56],"rewrites":[57,192],"while":[58],"Prompt":[60],"Optimization":[61],"refines":[63],"the":[64,83,144,169,174,208],"attack":[65,145],"strategy":[66,181],"using":[67],"only":[68],"binary":[69],"decision":[70],"feedback":[71],"within":[72],"10-query":[74],"budget.":[75],"Evaluated":[76],"against":[77,173],"four":[78,194],"evidence-based":[79],"misinformation":[80],"detection":[81],"pipelines,":[82],"achieves":[85],"rates":[87],"of":[88,190],"19.95":[89],"to":[90,101,213],"40.34%":[91],"on":[92,111,126],"modern":[93],"large":[94],"(LLM)":[97],"based":[98],"systems,":[99],"compared":[100],"at":[102,200],"most":[103,175],"3.90%":[104],"token-level":[106],"baselines":[108],"that":[109,138,179],"rely":[110],"surrogate":[112],"models":[113],"because":[114],"they":[115],"cannot":[116],"operate":[117],"our":[119],"model.":[121],"A":[122,204],"legacy":[123],"system":[124],"relying":[125],"static":[127],"lexical":[128],"retrieval":[129,156],"exhibits":[130],"near-total":[131],"vulnerability":[132],"97.02%,":[133],"establishing":[134],"lower":[136],"bound":[137],"exposes":[139],"how":[140],"architectural":[141,153],"choices":[142],"govern":[143],"surface.":[146],"Evasion":[147],"effectiveness":[148],"is":[149,183,187],"associated":[150],"with":[151],"three":[152],"properties:":[154],"evidence":[155],"mechanism,":[157],"retrieval-inference":[158],"coupling,":[159],"baseline":[161],"classification":[162],"accuracy.":[163],"The":[164],"iterative":[165],"prompt":[166],"optimization":[167],"yields":[168],"largest":[170],"marginal":[171],"gains":[172],"robust":[176],"targets,":[177],"confirming":[178],"adaptive":[180],"discovery":[182],"essential":[184],"when":[185],"non-trivial.":[188],"Analysis":[189],"successful":[191],"reveals":[193],"exploitation":[195],"patterns,":[196],"each":[197],"targeting":[198],"failures":[199],"distinct":[201],"pipeline":[202],"stages.":[203],"pattern-informed":[205],"defense":[206],"reduces":[207],"rate":[210],"by":[211],"up":[212],"65.18%.":[214]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-04-29T00:00:00"}