When Poison Fails After Retrieval: Revisiting Corpus Poisoning under Chunking and Reranking Pipelines

The paper presents a novel framework called Chunk-aware and Rerank-Consistent Poisoning (CRCP) to address vulnerabilities in Retrieval-Augmented Generation (RAG) systems against corpus poisoning attacks. It identifies that existing poisoning methods falter in multi-stage retrieval settings due to retrieval granularity mismatch, where adversarial signals are fragmented during document chunking. CRCP optimizes for retrieval relevance and reranker consistency, demonstrating significantly improved attack success rates across various RAG benchmarks, thereby emphasizing the need for a multi-stage approach in evaluating RAG security.