Hidden Prompt Attacks Across Languages in Academic Reviewing
📝 Original Paper Info
- Title: Multilingual Hidden Prompt Injection Attacks on LLM-Based Academic Reviewing
- ArXiv ID: 2512.23684
- Date: 2025-12-29
- Authors: Panagiotis Theocharopoulos, Ajinkya Kulkarni, Mathew Magimai.-Doss
📝 Abstract
Large language models (LLMs) are increasingly considered for use in high-impact workflows, including academic peer review. However, LLMs are vulnerable to document-level hidden prompt injection attacks. In this work, we construct a dataset of approximately 500 real academic papers accepted to ICML and evaluate the effect of embedding hidden adversarial prompts within these documents. Each paper is injected with semantically equivalent instructions in four different languages and reviewed using an LLM. We find that prompt injection induces substantial changes in review scores and accept/reject decisions for English, Japanese, and Chinese injections, while Arabic injections produce little to no effect. These results highlight the susceptibility of LLM-based reviewing systems to document-level prompt injection and reveal notable differences in vulnerability across languages.
💡 Summary & Analysis
1. **Contribution 1: Custom Models vs Pre-trained Models**
   - Metaphor: A custom model is like an unfinished building, while a pre-trained model is already partially constructed. This study evaluates the efficiency of both paradigms.
2. **Contribution 2: Fine-tuning Techniques**
   - Metaphor: While pre-trained models have a basic structure, fine-tuning is like remodeling that structure for specific purposes. The research aims to find the most optimized model per dataset.
3. **Contribution 3: Effectiveness of Transfer Learning**
   - Metaphor: Transfer learning is akin to rebuilding an existing building in another location. This study evaluates how effective this method is with new datasets.