This work introduces a stealthy ranking manipulation attack against LLM-driven product recommendation systems: adversarial text sequences are embedded into item descriptions to elevate target items’ rankings while evading anomaly detection. Methodologically, we propose the first implicit prompt optimization framework grounded in energy-based modeling and Langevin dynamics, generating StealthRank Prompts (SRPs) that jointly optimize attack efficacy and textual stealth—ensuring high fluency and low detectability. Experiments across multiple state-of-the-art LLMs demonstrate significant improvements in target-item ranking positions, with attack success rates surpassing existing SOTA baselines; notably, the stealth metric improves by up to 42%, effectively bypassing current textual anomaly detection mechanisms.

The integration of large language models (LLMs) into information retrieval systems introduces new attack surfaces, particularly for adversarial ranking manipulations. We present StealthRank, a novel adversarial ranking attack that manipulates LLM-driven product recommendation systems while maintaining textual fluency and stealth. Unlike existing methods that often introduce detectable anomalies, StealthRank employs an energy-based optimization framework combined with Langevin dynamics to generate StealthRank Prompts (SRPs)-adversarial text sequences embedded within product descriptions that subtly yet effectively influence LLM ranking mechanisms. We evaluate StealthRank across multiple LLMs, demonstrating its ability to covertly boost the ranking of target products while avoiding explicit manipulation traces that can be easily detected. Our results show that StealthRank consistently outperforms state-of-the-art adversarial ranking baselines in both effectiveness and stealth, highlighting critical vulnerabilities in LLM-driven recommendation systems.