Duplicate flooding

Attacker submits many slight variants of the same poisoned content to dominate top-k retrieval for a target query.

Severity: mediumOWASP LLM: LLM04

How it works

Even a low-quality entry can win retrieval if it appears 200 times under different ids. The attacker posts the same payload across many seemingly unrelated source documents.

Example payload

(Same poisoned passage submitted under varied titles and authors.)

Defenses

Deduplicate by content hash, near-duplicate detection (MinHash). Penalize bursty single-author submissions.

Related patterns

Embedding collision
Knowledge base write via feedback loop
Metadata injection
HTML comment payloads
Vector pinning