Researchers led by Yimeng Chen introduced SearchGEO, a controlled framework for testing endorsement corruption in LLM-based web-search agents. The work was submitted to arXiv on 15 Jun 2026 and focuses on whether manipulated web evidence can turn attacker-published pages into claims endorsed by an agent.
The evaluation covered 13 LLM backends on 308 cases each, and attack success rate varied sharply by model, from 0.0% on Claude-Sonnet-4.6 to 31.4% on Gemini-3-Flash. This shows that endorsement reliability can differ substantially across backends under adversarial search conditions.
SearchGEO combines a web-evidence manipulation pipeline, a five-mode attack taxonomy, multiple output-level metrics, and an auxiliary agent-skill probe that frames endorsement as an install command. The probe found a split between Claude systems that tended to “over-reject” and GPT systems that tended to “over-trust,” highlighting failure modes that may not appear in isolated model tests.
