English

Does Vec2Text Pose a New Corpus Poisoning Threat?

Information Retrieval 2024-10-10 v1

Abstract

The emergence of Vec2Text -- a method for text embedding inversion -- has raised serious privacy concerns for dense retrieval systems which use text embeddings. This threat comes from the ability for an attacker with access to embeddings to reconstruct the original text. In this paper, we take a new look at Vec2Text and investigate how much of a threat it poses to the different attacks of corpus poisoning, whereby an attacker injects adversarial passages into a retrieval corpus with the intention of misleading dense retrievers. Theoretically, Vec2Text is far more dangerous than previous attack methods because it does not need access to the embedding model's weights and it can efficiently generate many adversarial passages. We show that under certain conditions, corpus poisoning with Vec2Text can pose a serious threat to dense retriever system integrity and user experience by injecting adversarial passaged into top ranked positions. Code and data are made available at https://github.com/ielab/vec2text-corpus-poisoning

Cite

@article{arxiv.2410.06628,
  title  = {Does Vec2Text Pose a New Corpus Poisoning Threat?},
  author = {Shengyao Zhuang and Bevan Koopman and Guido Zuccon},
  journal= {arXiv preprint arXiv:2410.06628},
  year   = {2024}
}

Comments

arXiv admin note: substantial text overlap with arXiv:2402.12784

R2 v1 2026-06-28T19:13:56.229Z