attack arXiv Aug 25, 2025 · Aug 2025
Qiming Guo, Jinwen Tang, Xingran Huang · Texas A&M University · University of Missouri +1 more
Introduces Advertisement Embedding Attacks, which inject covert ads or propaganda into LLM outputs via platform prompt hijacking and backdoored open-source checkpoints.
Model Poisoning · AI Supply Chain Attacks · Prompt Injection · nlp
We introduce Advertisement Embedding Attacks (AEA), a new class of LLM security threats that stealthily inject promotional or malicious content into model outputs and AI agents. AEA operate through two low-cost vectors: (1) hijacking third-party service-distribution platforms to prepend adversarial prompts, and (2) publishing back-doored open-source checkpoints fine-tuned with attacker data. Unlike conventional attacks that degrade accuracy, AEA subvert information integrity, causing models to return covert ads, propaganda, or hate speech while appearing normal. We detail the attack pipeline, map five stakeholder victim groups, and present an initial prompt-based self-inspection defense that mitigates these injections without additional model retraining. Our findings reveal an urgent, under-addressed gap in LLM security and call for coordinated detection, auditing, and policy responses from the AI-safety community.
llm Texas A&M University · University of Missouri · University of California