CREST-Search: Comprehensive Red-teaming for Evaluating Safety Threats in Large Language Models Powered by Web Search

Haoran Ou, Kangjie Chen, Xingshuo Han, Gelei Deng, Jie Zhang, Han Qiu, Tianwei Zhang

TL;DR

The paper addresses safety risks in large language models augmented with web search, with emphasis on citation and combined risks arising from retrieval of external sources. It introduces CREST-Search, a three-stage red-teaming framework that generates adversarial queries, executes web searches, and iteratively refines prompts to expose vulnerabilities. Key contributions include the WebSearch-Harm dataset for fine-tuning a dedicated red-teaming model and experimental results showing CREST-Search achieving about 80.5% risk detection across four commercial web-search LLMs, primarily via citation risks. The work highlights the need for targeted defenses, such as source filtering and continuous red-teaming, to enable robust and trustworthy deployment of web-enabled LLMs.

Abstract

Large Language Models (LLMs) excel at tasks such as dialogue, summarization, and question answering, yet they struggle to adapt to specialized domains and evolving facts. To overcome this, web search has been integrated into LLMs, allowing real-time access to online content. However, this connection magnifies safety risks, as adversarial prompts combined with untrusted sources can cause severe vulnerabilities. We investigate red teaming for LLMs with web search and present CREST-Search, a framework that systematically exposes risks in such systems. Unlike existing methods for standalone LLMs, CREST-Search addresses the complex workflow of search-enabled models by generating adversarial queries with in-context learning and refining them through iterative feedback. We further construct WebSearch-Harm, a search-specific dataset to fine-tune LLMs into efficient red-teaming agents. Experiments show that CREST-Search effectively bypasses safety filters and reveals vulnerabilities in modern web-augmented LLMs, underscoring the need for specialized defenses to ensure trustworthy deployment.

Paper Structure

This paper contains 25 sections, 2 equations, 5 figures, 4 tables.

Figures (5)

  • Figure 1: Overview of CREST-Search, consisting of three main phases. (1) Adversarial search queries generation: it generates the adversarial search queries based on various harmful content categories and strategies; (2) Web search execution and risk evaluation: it executes the search query and evaluates the toxicity of the cited webpages; (3) Adversarial search queries refinement: it optimizes the query based on the judgment or terminates the round.
  • Figure 2: Detailed risk analysis across baseline models.
  • Figure 3: Transferability of CREST-Search across various victim models.
  • Figure 4: The impact of refinement rounds on risk detection rate (a), optimization cost (b), and optimization time (c) by five harmful content categories.
  • Figure 5: Detection rates for five harmful-content categories across victim models (CREST-Search).
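The source-filtering defense that the TL;DR names is the defender's counterpart to the framework's phase (2), where the toxicity of cited webpages is evaluated. The following is an added example written for this page, not code from the paper or its authors: it gates a search-augmented answer on the trust status of its citations. The allow/deny lists and the three-way verdict scheme are assumptions of the example.

```python
import ipaddress
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed trust policy (an assumption of this example); a real deployment
# would load allow/deny lists from configuration and keep them under review.
TRUSTED_SUFFIXES = ("wikipedia.org", "nih.gov", "who.int")
BLOCKED_SUFFIXES = ("harmful-source.invalid",)

@dataclass
class CitationVerdict:
    url: str
    host: str
    verdict: str  # "trusted", "untrusted" or "blocked"
    reason: str

def _host_matches(host: str, suffixes: tuple[str, ...]) -> bool:
    # Match the registrable domain or a subdomain of it, never a bare
    # string suffix: "notwikipedia.org" must not pass as "wikipedia.org".
    return any(host == s or host.endswith("." + s) for s in suffixes)

def classify_citation(url: str) -> CitationVerdict:
    """Classify one cited URL against the trust policy."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if parsed.scheme not in ("http", "https") or not host:
        return CitationVerdict(url, host, "blocked", "not an http(s) URL")
    try:
        ipaddress.ip_address(host)  # raises ValueError for normal hostnames
        return CitationVerdict(url, host, "blocked", "raw IP address as host")
    except ValueError:
        pass
    if _host_matches(host, BLOCKED_SUFFIXES):
        return CitationVerdict(url, host, "blocked", "denylisted domain")
    if _host_matches(host, TRUSTED_SUFFIXES):
        return CitationVerdict(url, host, "trusted", "allowlisted domain")
    return CitationVerdict(url, host, "untrusted", "domain not in allowlist")

def gate_response(citations: list[str]) -> dict:
    """Decide what to do with a search-augmented answer based on its citations."""
    verdicts = [classify_citation(u) for u in citations]
    kinds = {v.verdict for v in verdicts}
    if "blocked" in kinds:
        action = "refuse"  # one blocked source is enough to withhold the answer
    elif "untrusted" in kinds:
        action = "answer_with_warning"  # surface unverified sources to the user
    else:
        action = "answer"
    return {"action": action, "verdicts": verdicts}
```

The per-citation reasons are kept in the returned verdicts so that refusals can be logged and reviewed, which is what a continuous red-teaming loop needs as feedback.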