Can You Trust The Vectors In Your Vector Database? Black-hole Attack From Embedding Space Defects
2026 Β· Hanxi Li, Jianan Zhou, Jiale Lao, et al.
Abstract
Vector databases serve as the retrieval backbone of modern AI applications, yet their security remains largely unexplored. We propose the Black-Hole Attack, a poisoning attack that injects a small number of malicious vectors near the geometric center of the stored vectors. These injected vectors attract queries like a black hole and frequently appear in the top-k retrieval results for most queries. This attack is enabled by a phenomenon we term centrality-driven hubness: in high-dimensional embedding spaces, vectors near the centroid become nearest neighbors of a disproportionately large number of other vectors, while this centroid region is nearly empty in practice. The attack shows that vectors in a vector database cannot be blindly trusted: geometric defects in high-dimensional embeddings make retrieval inherently vulnerable. Our experiments show that malicious vectors appear in up to 99.85% of top-10 results. Additionally, we evaluate existing hubness mitigation methods as potentia
Authors
(none)
Tags
Stats
Related papers
- Breaking The Curse Of Dimensionality: On The Stability Of Modern Vector Retrieval (2025)0.00
- Adversarial Hubness In Multi-modal Retrieval (2024)0.00
- Semantic Certainty Assessment In Vector Retrieval Systems: A Novel Framework For Embedding Quality Evaluation (2025)0.00
- Reveal Hidden Pitfalls And Navigate Next Generation Of Vector Similarity Search From Task-centric Views (2025)0.00
- On The Theoretical Limitations Of Embedding-based Retrieval (2025)0.00
- On Strengths And Limitations Of Single-vector Embeddings (2026)0.00
- Vector Database Management Systems: Fundamental Concepts, Use-cases, And Current Challenges (2023)14.23
- Understanding And Mitigating The Threat Of Vec2text To Dense Retrieval Systems (2024)7.16