This work addresses a critical vulnerability in GraphRAG, whose multi-hop reasoning relies on the topological integrity of knowledge graphs and is susceptible to implicit disruption of logical structure. The authors propose LogicPoison, the first attack framework targeting the logical architecture—rather than the content—of GraphRAG with high stealth. By performing type-preserving entity swaps that perturb global logical hubs and query-relevant paths, and integrating strategies such as community detection evasion and relation filtering bypass, LogicPoison effectively disrupts reasoning without altering surface-level textual semantics. Experimental results demonstrate that this approach significantly degrades GraphRAG’s performance across multiple benchmarks, outperforming existing attacks and successfully circumventing its defensive mechanisms.

Graph-based Retrieval-Augmented Generation (GraphRAG) enhances the reasoning capabilities of Large Language Models (LLMs) by grounding their responses in structured knowledge graphs. Leveraging community detection and relation filtering techniques, GraphRAG systems demonstrate inherent resistance to traditional RAG attacks, such as text poisoning and prompt injection. However, in this paper, we find that the security of GraphRAG systems fundamentally relies on the topological integrity of the underlying graph, which can be undermined by implicitly corrupting the logical connections, without altering surface-level text semantics. To exploit this vulnerability, we propose \textsc{LogicPoison}, a novel attack framework that targets logical reasoning rather than injecting false contents. Specifically, \textsc{LogicPoison} employs a type-preserving entity swapping mechanism to perturb both global logic hubs for disrupting overall graph connectivity and query-specific reasoning bridges for severing essential multi-hop inference paths. This approach effectively reroutes valid reasoning into dead ends while maintaining surface-level textual plausibility. Comprehensive experiments across multiple benchmarks demonstrate that \textsc{LogicPoison} successfully bypasses GraphRAG's defenses, significantly degrading performance and outperforming state-of-the-art baselines in both effectiveness and stealth. Our code is available at \textcolor{blue}https://github.com/Jord8061/logicPoison.