arXiv: Steering LLM Viewpoints through Fabricated Evidence Injection

A new preprint from arXiv, titled "Steering LLM Viewpoints through Fabricated Evidence Injection," demonstrates a novel attack vector against large language models. The research shows that by injecting fabricated citations and false evidence into a model's training data or retrieval context, an attacker can systematically shift the model's outputs toward a desired viewpoint, even on factual topics. This is not a regulatory change but a published vulnerability that raises significant concerns under the EU AI Act, particularly for high-risk AI systems that rely on retrieval-augmented generation or fine-tuning with external data sources.

Organizations deploying or developing LLMs in regulated sectors such as finance, healthcare, legal services, and public administration are most affected. Any entity using AI for decision-support, content generation, or information retrieval where output accuracy and impartiality are critical must assess their exposure. This includes providers of general-purpose AI models and deployers of high-risk AI systems subject to Article 15 on accuracy and robustness, as well as transparency obligations under Article 50.

Compliance teams should immediately review their data provenance and retrieval pipelines to detect and mitigate the risk of fabricated evidence injection. Conduct a gap analysis against the EU AI Act's requirements for data governance and model robustness, particularly for systems using external knowledge bases. Update your risk management framework to include this attack vector in red-teaming exercises, and ensure that any model outputs relying on retrieved evidence include verifiable citations. Finally, monitor the European Commission's guidance and any updates to harmonised standards that may address this vulnerability.