attack 2025

The Ranking Blind Spot: Decision Hijacking in LLM-based Text Ranking

Yaoyao Qian 1, Yifan Zeng 2, Yuchao Jiang 3, Chelsi Jain 2, Huazheng Wang 2

1 citations · 1 influential · 44 references · EMNLP

Published on arXiv: 2509.18575

Prompt Injection

OWASP LLM Top 10 — LLM01

Key Finding

Both attacks successfully force LLM rankers to elevate attacker-controlled documents to top positions across multiple LLMs and ranking schemes, with stronger LLMs exhibiting greater vulnerability.

Decision Objective Hijacking (DOH) / Decision Criteria Hijacking (DCH)

Novel technique introduced


Large Language Models (LLMs) have demonstrated strong performance in information retrieval tasks like passage ranking. Our research examines how instruction-following capabilities in LLMs interact with multi-document comparison tasks, identifying what we term the "Ranking Blind Spot", a characteristic of LLM decision processes during comparative evaluation. We analyze how this ranking blind spot affects LLM evaluation systems through two approaches: Decision Objective Hijacking, which alters the evaluation goal in pairwise ranking systems, and Decision Criteria Hijacking, which modifies relevance standards across ranking schemes. These approaches demonstrate how content providers could potentially influence LLM-based ranking systems to affect document positioning. These attacks aim to force the LLM ranker to prefer a specific passage and rank it at the top. Malicious content providers can exploit this weakness, which helps them gain additional exposure by attacking the ranker. In our experiments, we empirically show that the proposed attacks are effective in various LLMs and can be generalized to multiple ranking schemes. We apply these attacks to realistic examples to show their effectiveness. We also found that stronger LLMs are more vulnerable to these attacks. Our code is available at: https://github.com/blindspotorg/RankingBlindSpot


Key Contributions

  • Identifies the 'Ranking Blind Spot' — a systematic vulnerability in LLM decision processes during comparative document evaluation
  • Proposes Decision Objective Hijacking (DOH), a grey-box attack that redirects the LLM ranker's evaluation goal in pairwise settings
  • Proposes Decision Criteria Hijacking (DCH), a fully black-box, ranking-scheme-agnostic attack that manipulates relevance standards across multiple ranking schemes; shows counterintuitively that stronger LLMs are more vulnerable

Details

Domains
nlp
Model Types
llm, transformer
Threat Tags
grey_box, black_box, inference_time, targeted
Applications
information retrieval, passage ranking, llm-based search ranking