-scaled.png)
Labels Predicted by AI
Evaluation Method Indirect Prompt Injection Adversarial Attack Analysis
Please note that these labels were automatically added by AI. Therefore, they may not be entirely accurate.
For more details, please see the About the Literature Database page.
Abstract
The landscape of scientific peer review is rapidly evolving with the integration of Large Language Models (LLMs). This shift is driven by two parallel trends: the widespread individual adoption of LLMs by reviewers to manage workload (the “Lazy Reviewer” hypothesis) and the formal institutional deployment of AI-powered assessment systems by conferences like AAAI and Stanford’s Agents4Science. This study investigates the robustness of these “LLM-as-a-Judge” systems (both illicit and sanctioned) to adversarial PDF manipulation. Unlike general jailbreaks, we focus on a distinct incentive: flipping “Reject” decisions to “Accept,” for which we develop a novel evaluation metric which we term as WAVS (Weighted Adversarial Vulnerability Score). We curated a dataset of 200 scientific papers and adapted 15 domain-specific attack strategies to this task, evaluating them across 13 Language Models, including GPT-5, Claude Haiku, and DeepSeek. Our results demonstrate that obfuscation strategies like “Maximum Mark Magyk” successfully manipulate scores, achieving alarming decision flip rates even in large-scale models. We will release our complete dataset and injection framework to facilitate more research on this topic.