T12-AT-008HIGH
Source Authority Spoofing
T12 · RAG & Knowledge Base Manipulation →Risk score225
RatingHigh
Procedures10
Severity
Mechanism
LLMs trained on web text have learned to weight information by perceived source authority — content attributed to "Harvard Medical Journal," "Reuters," or "CDC" receives higher trust weighting than anonymous sources. Source authority spoofing injects documents with fabricated provenance metadata into the knowledge base. When retrieved, the LLM incorporates the false information with the confidence level of the spoofed source.
Detection
- Source verification: validate author/source metadata against known authority registries
- Detect documents claiming provenance from high-authority sources that weren't fetched from verified URLs
- Cross-reference claims against official publications databases
- Observable signal: documents with authority metadata that appeared in the knowledge base without going through verified ingestion channels
Mitigation
Source provenance verificationHIGH
Citation verificationHIGH
Authority metadata strippingMEDIUM
Ingestion source whitelistingHIGH
Chaining
Source authority spoofing amplifies T12-AT-001 (Vector Poisoning) by increasing the LLM's confidence in poisoned content. Feeds T8 (Deception) and T15 (Human Workflow) when authoritative-seeming RAG output misleads human decision-makers.
Framework mapping
Open in the technique browser →OWASP LLMLLM09
MITRE ATLASAML.T0020