With a Little Help From My Friends: Collective Manipulation in Risk-Controlling Recommender Systems
A new study reveals a critical flaw in 'safe' AI recommender systems, making them vulnerable to small, organized groups.
A team of researchers from Fondazione Bruno Kessler and Universitat Pompeu Fabra has exposed a significant vulnerability in a new class of AI designed to make online platforms safer. Their paper, 'With a Little Help From My Friends: Collective Manipulation in Risk-Controlling Recommender Systems', focuses on risk-controlling recommender systems. These systems use formal statistical guarantees, specifically conformal risk control, to limit user exposure to harmful content based on aggregate feedback like 'Not Interested' clicks. The study's core finding is that this reliance on collective signals creates a critical weakness: it can be gamed by a small, coordinated group of users.
Using data from a large-scale video-sharing platform, the researchers demonstrated that an adversarial coalition comprising just 1% of the user base could degrade the overall recommendation quality for regular users by up to 20%, as measured by the nDCG metric. Crucially, these attacks are practical; they require little to no knowledge of the platform's internal algorithm and use simple, realistic actions like mass-reporting. While the attacks can broadly harm system performance, the study found they cannot be used to surgically suppress specific content categories through reporting alone. In response, the authors propose a mitigation strategy that shifts safety guarantees from the group level to the individual user level, which their tests show can reduce the impact of such coordinated manipulation while preserving personalized safety controls.
- Risk-controlling recommender systems, which use conformal risk control on user feedback to limit harmful content, are vulnerable to coordinated manipulation.
- A small adversarial group of just 1% of users can degrade overall recommendation quality (nDCG) by up to 20% using simple, low-knowledge attack strategies.
- Researchers propose a mitigation by shifting safety guarantees from group-level to user-level, which empirically reduces the impact of these collective attacks.
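The contrast between group-level and user-level calibration can be seen in a small toy model. This is an added example, not the paper's algorithm, code or data: every number in it is constructed, it uses the standard conformal risk control bound for a loss bounded by 1, and treating "user-level" as calibrating each user's threshold on that user's own feedback is an assumption about the mitigation.

```python
from fractions import Fraction

# Constructed toy data (not from the paper): items carry a harm-score level 1..10,
# and the platform shows a user only items whose level is <= the threshold lam.
LEVELS = range(1, 11)
PER_LEVEL = 20                                # interactions each user logged per level
HONEST = [0, 0, 0, 0, 0, 1, 2, 4, 8, 16]      # 'Not Interested' clicks per level
ATTACKER = [PER_LEVEL] * len(LEVELS)          # coalition member reports everything
ALPHA = Fraction(4, 100)                      # risk budget: shown-and-reported share of interactions


def calibrate(users, alpha=ALPHA):
    """Return the largest lam whose conformal bound (reports + 1) / (n + 1) <= alpha.

    `reports` counts logged interactions that would be shown at lam and were
    reported; the loss is monotone in lam, so the scan stops at the first failure.
    Returns 0 when no level satisfies the bound (nothing is shown).
    """
    n = len(users) * PER_LEVEL * len(LEVELS)
    best, reports = 0, 0
    for lam in LEVELS:
        reports += sum(u[lam - 1] for u in users)
        if Fraction(reports + 1, n + 1) > alpha:
            break
        best = lam
    return best


def compare(honest=99, attackers=1):
    """Calibrate one pooled threshold, then one threshold per user."""
    clean = [HONEST] * (honest + attackers)
    attacked = [HONEST] * honest + [ATTACKER] * attackers
    per_user = [calibrate([u]) for u in attacked]
    return {
        "group_clean": calibrate(clean),
        "group_attacked": calibrate(attacked),
        "user_level_honest": set(per_user[:honest]),
        "user_level_attacker": set(per_user[honest:]),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

In this toy population the pooled threshold drops by one level for every user once 1% of accounts report everything, while per-user calibration leaves honest users where they were and only tightens the filter for the reporting account.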
Why It Matters
This reveals a fundamental trade-off in building 'safer' AI systems, showing how well-intentioned safety features can be weaponized by small, organized groups online.