Researchers Develop Subtle Attack Method That Degrades AI Retrieval Systems

A new research paper introduces a sophisticated attack method targeting Retrieval-Augmented Generation (RAG) systems, which combine large language models with external knowledge retrieval. Unlike conventional jamming attacks that produce obvious refusals or denial-of-service outcomes, this approach induces what researchers term 'soft failure'—fluent but uninformative responses that degrade system utility without detection. The Deceptive Evolutionary Jamming Attack (DEJA) framework operates as an automated black-box attack, generating adversarial documents that exploit safety-aligned behaviors in language models. DEJA employs evolutionary optimization guided by an Answer Utility Score (AUS), calculated through an LLM-based evaluator, to systematically reduce answer certainty while maintaining high retrieval success rates. Extensive testing across multiple RAG configurations and benchmark datasets demonstrates DEJA's consistent effectiveness. This research formalizes a previously unrecognized availability threat to AI systems that rely on retrieval augmentation for factual accuracy. The work was published on arXiv with identifier 2604.18663v1 and announced as a cross-disciplinary study. The attack methodology represents a significant advancement in understanding vulnerabilities of AI systems that integrate external knowledge sources.