Agentic Adversarial Rewriting Exposes Architectural Vulnerabilities in Black-Box NLP Pipelines

Computer Science > Artificial Intelligence arXiv:2604.23483 (cs) [Submitted on 26 Apr 2026] Title:Agentic Adversarial Rewriting Exposes Architectural Vulnerabilities in Black-Box NLP Pipelines Authors:Mazal Bethany, Kim-Kwang Raymond Choo, Nishant Vishwamitra, Peyman Najafirad View a PDF of the paper titled Agentic Adversarial Rewriting Exposes Architectural Vulnerabilities in Black-Box NLP Pipelines, by Mazal Bethany and 3 other authors View PDF HTML (experimental) Abstract:Multi-component natural language processing (NLP) pipelines are increasingly deployed for high-stakes decisions, yet no existing adversarial method can test their robustness under realistic conditions: binary-only feedback, no gradient access, and strict query budgets. We formalize this strict black-box threat model and propose a two-agent evasion framework operating in a semantic perturbation space. An Attacker Agent generates meaning-preserving rewrites while a Prompt Optimization Agent refines the attack strategy using only binary decision feedback within a 10-query budget. Evaluated against four evidence-based misinformation detection pipelines, the framework achieves evasion rates of 19.95 to 40.34% on modern large language model (LLM) based systems, compared to at most 3.90% for token-level perturbation baselines that rely on surrogate models because they cannot operate under our threat model. A legacy system relying on static lexical retrieval exhibits near-total vulnerability 97.02%, establishing a lower bound that exposes how architectural choices govern the attack surface. Evasion effectiveness is associated with three architectural properties: evidence retrieval mechanism, retrieval-inference coupling, and baseline classification accuracy. The iterative prompt optimization yields the largest marginal gains against the most robust targets, confirming that adaptive strategy discovery is essential when evasion is non-trivial. Analysis of successful rewrites reveals four exploitation patterns, each targeting failures at distinct pipeline stages. A pattern-informed defense reduces the evasion rate by up to 65.18%. Comments: Submitted to IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY Subjects: Artificial Intelligence (cs.AI) Cite as: arXiv:2604.23483 [cs.AI] (or arXiv:2604.23483v1 [cs.AI] for this version) https://doi.org/10.48550/arXiv.2604.23483 Focus to learn more arXiv-issued DOI via DataCite (pending registration) Submission history From: Peyman Najafirad [view email] [v1] Sun, 26 Apr 2026 00:58:36 UTC (646 KB) Full-text links: Access Paper: View a PDF of the paper titled Agentic Adversarial Rewriting Exposes Architectural Vulnerabilities in Black-Box NLP Pipelines, by Mazal Bethany and 3 other authorsView PDFHTML (experimental)TeX Source view license Current browse context: cs.AI < prev | next > new | recent | 2026-04 Change to browse by: cs References & Citations NASA ADSGoogle Scholar Semantic Scholar export BibTeX citation Loading... BibTeX formatted citation × loading... Data provided by: Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Code, Data and Media Associated with this Article alphaXiv Toggle alphaXiv (What is alphaXiv?) Links to Code Toggle CatalyzeX…

This excerpt is published under fair use for community discussion. Read the full article at arXiv.org.