AI systems that reason through knowledge graphs can be poisoned by rewiring their logic — without changing a single word

Researchers found that AI systems using structured knowledge graphs to improve reasoning are vulnerable to attacks that subtly corrupt the logical connections between facts, rather than inserting false information. The attack works by swapping which entities connect to which, keeping all the text intact but breaking the reasoning paths the AI actually follows.

GraphRAG systems were designed to resist traditional attacks like prompt injection by grounding AI responses in structured knowledge rather than raw text. But this paper shows the system's core strength is also its vulnerability: if you corrupt the graph's logical structure, the AI confidently follows broken reasoning while the surface-level facts look correct. This means any system using knowledge graphs for reasoning — not just AI assistants, but medical decision systems, legal research tools, or financial analysis platforms — now has a new class of threat that existing defenses don't catch.