Search papers, labs, and topics across Lattice.
The paper introduces the Black-Hole Attack, a novel poisoning attack against vector databases that exploits centrality-driven hubness in high-dimensional embedding spaces by injecting malicious vectors near the geometric centroid. This attack causes injected vectors to dominate top-k retrieval results for most queries, achieving up to 99.85% presence in top-10 results. The authors demonstrate the vulnerability of vector databases and the inadequacy of existing hubness mitigation techniques, highlighting the need for robust defenses.
Vector databases, the bedrock of modern AI, are shockingly vulnerable: injecting just a few carefully crafted vectors can hijack nearly all retrieval results.
Vector databases serve as the retrieval backbone of modern AI applications, yet their security remains largely unexplored. We propose the Black-Hole Attack, a poisoning attack that injects a small number of malicious vectors near the geometric center of the stored vectors. These injected vectors attract queries like a black hole and frequently appear in the top-k retrieval results for most queries. This attack is enabled by a phenomenon we term centrality-driven hubness: in high-dimensional embedding spaces, vectors near the centroid become nearest neighbors of a disproportionately large number of other vectors, while this centroid region is nearly empty in practice. The attack shows that vectors in a vector database cannot be blindly trusted: geometric defects in high-dimensional embeddings make retrieval inherently vulnerable. Our experiments show that malicious vectors appear in up to 99.85% of top-10 results. Additionally, we evaluate existing hubness mitigation methods as potential defenses against the Black-Hole Attack. The results show that these methods either significantly reduce retrieval accuracy or provide limited protection, which indicates the need for more robust defenses against the Black-Hole Attack.
