Large Language Models (LLMs) like those used in Microsoft Bing or Google Search can provide natural language responses to user queries. Traditional search engines often struggle to provide cohesive answers, offering only a list of relevant page results; LLMs improve on this by compiling results into understandable answers. Yet keeping LLMs current with new information remains difficult, and they are often susceptible to factual errors. Retrieval-augmented generation (RAG) mitigates some of these issues by incorporating an external knowledge source that supplies added context.
One of the issues with LLMs is their vulnerability to adversarial attacks, in which attackers embed specific token sequences in the input prompt to evade model safety mechanisms and elicit potentially harmful responses. Building on this idea, researchers from Harvard University introduced the concept of a Strategic Text Sequence (STS): a carefully optimized token sequence that can influence LLM outputs, especially in the context of e-commerce. By including this optimized sequence in a product information page, a vendor makes the LLM more likely to rank that product higher in its recommendations.
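To make the mechanism concrete, the sketch below shows how an STS might be appended to a product's catalog entry before the catalog is serialized into an LLM's context. The product fields and the placeholder sequence are illustrative assumptions, not details from the study.

```python
import json

# Hypothetical product entry from an e-commerce catalog (fields are illustrative).
product = {
    "name": "ColdBrew Master",
    "price": "$199",
    "description": "Programmable cold brew coffee maker.",
}

# The STS is appended to the product text; this placeholder stands in for a
# token sequence found by adversarial optimization.
sts = "<optimized token sequence>"
product["description"] += " " + sts

# The augmented entry is then included in the prompt the LLM sees.
prompt = (
    "You are a shopping assistant. Recommend a coffee machine.\n"
    "Catalog:\n" + json.dumps(product)
)
```

Because the sequence lives inside ordinary product text, it reaches the model through the same retrieval path as legitimate content, which is what makes the manipulation hard to filter out.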
The researchers tested their theory using a hypothetical coffee machine catalog and targeted two products. They found that incorporating the STS drastically increased the likelihood of the targeted products appearing as top recommendations.
The tested use of STSs showed that the LLM could be manipulated to favor a particular product. These findings led to a framework for leveraging STSs to a product's benefit. The framework employs adversarial attack algorithms, specifically the Greedy Coordinate Gradient (GCG) algorithm, to optimize the STS.
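The control flow of such an optimization can be sketched as a greedy coordinate search: mutate one token position per iteration and keep the substitution only if it lowers a loss tied to the target product's rank. The real GCG algorithm proposes candidates using gradients of the loss with respect to token embeddings; the mock loss and toy vocabulary below are stand-ins so the loop is runnable.

```python
import random

random.seed(0)

VOCAB = list("abcdefghijklmnopqrstuvwxyz")

def mock_loss(tokens):
    # Placeholder objective: pretend the target's rank improves as the
    # sequence approaches a fixed string (purely illustrative; the real
    # loss would come from the LLM's ranking of the target product).
    target = "coldbrew"
    return sum(a != b for a, b in zip(tokens, target))

def greedy_coordinate_search(seq_len=8, iterations=200):
    seq = [random.choice(VOCAB) for _ in range(seq_len)]
    best = mock_loss(seq)
    for _ in range(iterations):
        pos = random.randrange(seq_len)       # coordinate to mutate
        cand = seq.copy()
        cand[pos] = random.choice(VOCAB)      # candidate substitution
        loss = mock_loss(cand)
        if loss < best:                       # keep only improving candidates
            seq, best = cand, loss
    return "".join(seq), best

sts, loss = greedy_coordinate_search()
```

In the gradient-guided version, each iteration ranks the most promising substitutions per position instead of sampling uniformly, which is why the published attack converges in a practical number of iterations.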
The GCG algorithm, executed for 2,000 iterations, found an optimized STS that increased the visibility of the targeted product, 'ColdBrew Master'. The product, initially not recommended, made it into the top recommendations after 100 iterations. The STS produced advantageous and disadvantageous outcomes in roughly equal measure; however, when the product order in the prompt was randomized, the advantages increased significantly while the drawbacks diminished.
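The order-randomization finding can be illustrated with a small simulation: shuffle the catalog across trials and measure how often the STS-boosted product is recommended. The catalog names, the position-bias parameter, and the mock recommender are all assumptions standing in for an actual LLM.

```python
import random

random.seed(1)

catalog = ["FrenchPress Pro", "ColdBrew Master", "EspressoElite", "DripMaster"]
boosted = "ColdBrew Master"  # hypothetical STS-boosted product

def mock_recommend(products):
    # Stand-in for an LLM with position bias: it usually picks the boosted
    # product, but the first-listed item sometimes wins instead.
    if products[0] != boosted and random.random() < 0.3:
        return products[0]
    return boosted

def top_rate(trials=1000, shuffle=True):
    hits = 0
    for _ in range(trials):
        order = catalog.copy()
        if shuffle:
            random.shuffle(order)      # randomize product order per trial
        hits += mock_recommend(order) == boosted
    return hits / trials

rate = top_rate()
```

Averaging over shuffled orders means no single product monopolizes the favorable first position, which is consistent with the reported reduction in drawbacks when order is randomized.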
In conclusion, the use of an STS allows manipulation of LLM-driven search tools, which is particularly relevant for e-commerce. When incorporated into a product information page, the sequence improves the product's ranking in LLM recommendations, and it can be further optimized with the GCG algorithm. The implications of these findings are not limited to e-commerce; they also bear on other forms of AI search optimization and raise ethical questions around AI manipulation.