Adversarial hubness is an underexplored attack surface in RAG systems where crafted document embeddings become 'gravity wells' that dominate retrieval results for a large percentage of unrelated queries. Research shows a single poisoned document can appear in top results for over 84% of test queries. Real-world incidents include attacks on Google Gemini and Microsoft 365 Copilot. Cisco introduces an open source tool, Adversarial Hubness Detector, that audits vector indices using four complementary detection methods: MAD-based z-score hubness detection, cluster spread entropy analysis, stability testing under perturbation, and domain/modality-aware scoring. It supports FAISS, Pinecone, Qdrant, and Weaviate vector databases.
Table of contents
The Security Gap: “Zero-Click” PoisoningThe Solution: Scanning the Vector Gates with Adversarial Hubness DetectorIntegration and MitigationSort: