T12-AT-005 · HIGH

Embedding Space Manipulation

T12 · RAG & Knowledge Base Manipulation
Risk score: 220
Rating: High
Procedures: 10
Mechanism

Embedding space manipulation attacks the mathematical representation layer, crafting text that embeds in adversarial locations within the vector space without appearing adversarial in content. The Black-Hole Attack (April 2026) demonstrated that vectors positioned near the geometric center of a high-dimensional embedding space have a high probability of being nearest neighbors to many other vectors; injecting a small number of malicious vectors at the centroid forces the system to retrieve them for most queries. This exploits a fundamental property of high-dimensional geometry, not a flaw in any specific embedding model.

Detection
  • Monitor embedding distributions for anomalous vectors (centroid-proximate, abnormal norm, clustering artifacts)
  • Compare new document embeddings against corpus statistics; flag outliers
  • Detect embedding inversion attempts through query pattern analysis
  • Observable signal: sudden appearance of vectors with unusually high average similarity to the corpus
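
One way to implement the corpus-statistics check from the list above, as an added example that is not part of the original entry. The `CorpusProfile` class, the `z_max` threshold of 5.0 and the synthetic 128-dimensional data are assumptions made for illustration.

```python
import math
import random
import statistics

def unit(v):
    n = math.sqrt(sum(x * x for x in v))
    return [x / n for x in v]

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def robust_z(value, baseline):
    """Z-score against median/MAD, so a few bad entries cannot shift the baseline."""
    med = statistics.median(baseline)
    mad = statistics.median(abs(b - med) for b in baseline) or 1e-12
    return (value - med) / (1.4826 * mad)

class CorpusProfile:
    def __init__(self, corpus):
        units = [unit(v) for v in corpus]
        n = len(units)
        # Mean cosine similarity of v to the corpus equals unit(v) . mean(unit vectors).
        self.mean_unit = [sum(col) / n for col in zip(*units)]
        self.sims = [dot(u, self.mean_unit) for u in units]
        self.norms = [math.sqrt(dot(v, v)) for v in corpus]

    def check(self, vec, z_max=5.0):
        """Return the reasons a new embedding should be held for review."""
        reasons = []
        if robust_z(dot(unit(vec), self.mean_unit), self.sims) > z_max:
            reasons.append("high-average-similarity")
        if abs(robust_z(math.sqrt(dot(vec, vec)), self.norms)) > z_max:
            reasons.append("abnormal-norm")
        return reasons

def demo():
    """Constructed data: Gaussian vectors with a shared offset (mimics anisotropy)."""
    rng = random.Random(7)
    def draw():
        return [0.25 + rng.gauss(0, 1) for _ in range(128)]
    corpus = [draw() for _ in range(300)]
    profile = CorpusProfile(corpus)
    centroid = [sum(col) / len(corpus) for col in zip(*corpus)]
    scale = statistics.median(profile.norms) / math.sqrt(dot(centroid, centroid))
    return {
        "benign": profile.check(draw()),
        "centroid": profile.check([scale * x for x in centroid]),  # typical norm
        "scaled": profile.check([10 * x for x in draw()]),
    }
```

The centroid-direction sample is given a typical norm here, so only the average-similarity check catches it; the norm check alone would pass it.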
Mitigation
Embedding anomaly detection: MEDIUM
Access control on vector store: HIGH
Embedding model rotation: MEDIUM
Cosine similarity thresholding: LOW
Chaining

Embedding space manipulation underpins T12-AT-001 (Vector Poisoning) and T12-AT-014 (Similarity Search Hijacking) by operating at the mathematical foundation layer. Embedding inversion (T12-AP-005J) feeds T7 (Output Manipulation) by enabling data exfiltration.

Framework mapping
OWASP LLM: LLM08
MITRE ATLAS: AML.T0043