How Much Can We Trust LLM Search Agents? Measuring Endorsement Vulnerability to Web Content Manipulation

The paper introduces SearchGEO, a framework designed to evaluate the vulnerability of LLM-based search agents to endorsement corruption due to manipulated web content. It assesses 13 LLM backends across 308 cases, revealing an overall attack success rate ranging from 0.0% for Claude-Sonnet-4.6 to 31.4% for Gemini-3-Flash, highlighting significant variability in vulnerability patterns and the influence of deployment scaffolds on attack outcomes. These results underscore the necessity for practitioners to consider the reliability of LLM recommendations in adversarial contexts as a critical aspect of backend safety evaluation.