Exploring LLM biases to manipulate AI search overview

A new study by Roman Smirnov exposes a critical vulnerability in LLM Overview systems—AI-powered search summaries that select and synthesize sources. The research, posted on arXiv, demonstrates that these systems harbor inherent biases that can be systematically exploited. By training a small language model using reinforcement learning, Smirnov shows that rewritten search snippets can significantly boost their chances of being favored by the LLM during source selection. The experimental setup intentionally restricted the policy to operate only on snippets and limited reward-hacking, reflecting realistic web search constraints.

Smirnov's results confirm that LLM Overview selections are driven by comparative rather than absolute advantages among candidate sources, making them susceptible to optimization. The study also explores context poisoning attacks, where manipulated snippets lead to harmful or factually incorrect summaries. This work raises urgent questions about the reliability of AI-generated search overviews, especially as they become standard in products like Google's AI Overviews and Bing Chat. The findings suggest that malicious actors could game the system for SEO or misinformation, undermining trust in search results.