LLM-Based Adversarial Persuasion Attacks on Fact-Checking Systems

Automated fact-checking (AFC) systems are susceptible to adversarial attacks, enabling false claims to evade detection. Existing adversarial frameworks typically rely on injecting noise or altering semantics, yet no existing framework exploits the adversarial potential of persuasion techniques, which are widely used in disinformation campaigns to manipulate audiences. In this paper, we introduce a novel class of persuasive adversarial attacks on AFCs by employing a generative LLM to rephrase claims using persuasion techniques. Considering 15 techniques grouped into 6 categories, we study the effects of persuasion on both claim verification and evidence retrieval using a decoupled evaluation strategy. Experiments on the FEVER and FEVEROUS benchmarks show that persuasion attacks can substantially degrade both verification performance and evidence retrieval. Our analysis identifies persuasion techniques as a potent class of adversarial attacks, highlighting the need for more robust AFC systems.

Key Contributions

• Persuasion injection attack framework using LLMs to rephrase claims with 15 persuasion techniques (6 categories) to evade AFC systems
• Decoupled evaluation strategy that isolates the effect of persuasion on evidence retrieval versus veracity classification separately
• Empirical finding that Manipulative Wording techniques simultaneously degrade both evidence retrieval and classification, causing near-total AFC pipeline failure

🛡️ Threat Analysis

Details

Similar Papers