SPARK: Spectral Perturbation based Adversarial Attacks for KGRAG Agents

Aditya Saibewar; Aditya Ramesh; Shivam Bhardwaj; Jatin Chauhan; Manohar Kaul

SPARK: Spectral Perturbation based Adversarial Attacks for KGRAG Agents

Aditya Saibewar, Aditya Ramesh, Shivam Bhardwaj, Jatin Chauhan, Manohar Kaul

Published: 01 Mar 2026, Last Modified: 24 Apr 2026ICLR 2026 AIWILDEveryoneRevisionsCC BY 4.0

Keywords: Graph Signatures, Adversarial Attack, Knowledge Graph

TL;DR: We propose a generic spectrally informed adversarial attack for knowledge graph retrieval augmented generation agents.

Abstract: Knowledge Graph based Retrieval Augmented Generation (KG-RAG) agents enhance language models by leveraging structured knowledge for improved reasoning and factual accuracy. However, their security remains largely unexplored. In this work, we present a systematic vulnerability analysis via Graph Signatures constructed using the Haar Laplacian of the subgraph post retrieval, which exploit spectral perturbations with minimal budget to degrade the performance. Our framework assumes no access to the entire graph and simply functions with read-only access to the query specific subgraph, highlighting its practicality in all real-world applications. With extensive empirical evaluation across six KG-RAG based QA datasets, we show that our attack framework induces significant degradation in the performance, with upto 26\% performance drop on Deepseek model, and we also analyse the connection of spectral properties of the subgraphs to downstream response generation.

PDF: pdf

Email Sharing: We authorize the sharing of all author emails with Program Chairs.

Data Release: We authorize the release of our submission and author names to the public in the event of acceptance.

Submission Number: 242

Loading