Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

The Synthetic Web: Adversarially-Curated Mini-Internets for Diagnosing Epistemic Weaknesses of Language Agents

Shrey Shah, Levent Ozgur

TL;DR

This work establishes a reproducible baseline for developing search-robust and epistemically humble agents capable of resisting manipulation in high-stakes domains by injecting a single high-plausibility misinformation article into a controllable search rank, and measuring the causal effect of adversarial exposure in six frontier models.

Abstract

Language agents increasingly act as web-enabled systems that search, browse, and synthesize information from diverse sources. However, these sources can include unreliable or adversarial content, and the robustness of agents to adversarial ranking - where misleading information appears prominently in search results - remains poorly understood. Existing benchmarks evaluate functional navigation or static factuality but cannot causally isolate this vulnerability, and current mitigation strategies for retrieval-augmented generation remain largely untested under such conditions. We introduce Synthetic Web Benchmark, a procedurally generated environment comprising thousands of hyperlinked articles with ground-truth labels for credibility and factuality, process-level interaction traces, and contamination filtering to eliminate training-data leakage. By injecting a single high-plausibility misinformation article into a controllable search rank, we measure the causal effect of adversarial exposure in six frontier models. The results reveal catastrophic failures: accuracy collapses despite unlimited access to truthful sources, with minimal search escalation and severe miscalibration. These findings expose fundamental limitations in how current frontier models handle conflicting information, with immediate implications for deployment in high-stakes domains. Our benchmark enables systematic analysis of these failure modes and provides a controlled testbed for evaluating mitigation strategies under adversarial ranking - a gap in current research. This work establishes a reproducible baseline for developing search-robust and epistemically humble agents capable of resisting manipulation in high-stakes domains.

The Synthetic Web: Adversarially-Curated Mini-Internets for Diagnosing Epistemic Weaknesses of Language Agents

TL;DR

This work establishes a reproducible baseline for developing search-robust and epistemically humble agents capable of resisting manipulation in high-stakes domains by injecting a single high-plausibility misinformation article into a controllable search rank, and measuring the causal effect of adversarial exposure in six frontier models.

Abstract

Language agents increasingly act as web-enabled systems that search, browse, and synthesize information from diverse sources. However, these sources can include unreliable or adversarial content, and the robustness of agents to adversarial ranking - where misleading information appears prominently in search results - remains poorly understood. Existing benchmarks evaluate functional navigation or static factuality but cannot causally isolate this vulnerability, and current mitigation strategies for retrieval-augmented generation remain largely untested under such conditions. We introduce Synthetic Web Benchmark, a procedurally generated environment comprising thousands of hyperlinked articles with ground-truth labels for credibility and factuality, process-level interaction traces, and contamination filtering to eliminate training-data leakage. By injecting a single high-plausibility misinformation article into a controllable search rank, we measure the causal effect of adversarial exposure in six frontier models. The results reveal catastrophic failures: accuracy collapses despite unlimited access to truthful sources, with minimal search escalation and severe miscalibration. These findings expose fundamental limitations in how current frontier models handle conflicting information, with immediate implications for deployment in high-stakes domains. Our benchmark enables systematic analysis of these failure modes and provides a controlled testbed for evaluating mitigation strategies under adversarial ranking - a gap in current research. This work establishes a reproducible baseline for developing search-robust and epistemically humble agents capable of resisting manipulation in high-stakes domains.
Paper Structure (57 sections, 4 figures, 7 tables)

This paper contains 57 sections, 4 figures, 7 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Web agents and browsing benchmarks.
  4. Factuality and truthfulness.
  5. Misinformation and adversarial robustness.
  6. Concurrent benchmarks and differentiation.
  7. Synthetic data for controlled testing.
  8. Mitigations for robust retrieval and safeguards
  9. Methodology
  10. Synthetic Web Generation Environment
  11. Query Construction and Contamination Filtering.
  12. Search Layer and Honeypot Injection
  13. Agent Protocol for interaction loop and tool usage
  14. Evaluation Pipeline
  15. Experimental Setup
  16. ...and 42 more sections

Figures (4)

  • Figure 1: Synthetic Web Benchmark architecture consists of four main components: Synthetic Web (blue), Search Layer (orange), Agent Protocol (green), and Evaluation (gray). The Search Layer includes a rank-0 honeypot for adversarial exposure. Each component is color-coded and described in the diagram.
  • Figure 2: Model performance under adversarial search. All models show dramatic accuracy drops when a single honeypot appears at rank 0.
  • Figure 3: Calibration: stated confidence vs. actual accuracy. Under adversarial exposure (squares), models remain highly confident despite dramatic accuracy drops. Dashed line: perfect calibration.
  • Figure 4: Variance in accuracy across worlds and rollouts. Performance degradation is consistent, not driven by outliers. Boxes show IQR; diamonds mark means.