Multilingual Prompt Injection Attacks Undermine LLM Relevance Judgments
Jul 14, 2026
A new preprint demonstrates that cross-lingual prompt injection attacks can significantly inflate relevance scores in LLM-based information retrieval systems, while evading current prompt-injection defenses. The attacks, tested across eight languages and multiple open-weight models, can also adapt to bypass modified defense mechanisms. This exposes a critical vulnerability in using LLMs as automated relevance judges.
Why it matters: The study reveals that language diversity can be exploited as an attack vector, exposing a major security gap in LLM-based evaluation systems.
Full story at: arXiv Information Retrieval ↗