This study addresses the lack of systematic security analysis of large language model–enhanced search engines (LLMSEs) under black-hat SEO attacks. We introduce SEO-Bench, the first benchmark comprising 1,000 real-world malicious websites, and propose seven novel LLMSEO attack strategies—including query rewrite injection and segmented text manipulation. Through empirical measurement and adversarial simulation, we conduct a multidimensional security evaluation of both mainstream open-source and closed-source LLMSEs. Our findings reveal that while LLMSEs exhibit high robustness against traditional SEO attacks (blocking rates exceeding 99.78%), they remain highly vulnerable to the newly devised LLMSEO techniques, with manipulation success rates more than doubling. These results have been responsibly disclosed to relevant vendors, thereby filling a critical gap in the security assessment of LLM-enhanced search systems.

The emergence of Large Language Model-enhanced Search Engines (LLMSEs) has revolutionized information retrieval by integrating web-scale search capabilities with AI-powered summarization. While these systems demonstrate improved efficiency over traditional search engines, their security implications against well-established black-hat Search Engine Optimization (SEO) attacks remain unexplored. In this paper, we present the first systematic study of SEO attacks targeting LLMSEs. Specifically, we examine ten representative LLMSE products (e.g., ChatGPT, Gemini) and construct SEO-Bench, a benchmark comprising 1,000 real-world black-hat SEO websites, to evaluate both open- and closed-source LLMSEs. Our measurements show that LLMSEs mitigate over 99.78% of traditional SEO attacks, with the phase of retrieval serving as the primary filter, intercepting the vast majority of malicious queries. We further propose and evaluate seven LLMSEO attack strategies, demonstrating that off-the-shelf LLMSEs are vulnerable to LLMSEO attacks, i.e., rewritten-query stuffing and segmented texts double the manipulation rate compared to the baseline. This work offers the first in-depth security analysis of the LLMSE ecosystem, providing practical insights for building more resilient AI-driven search systems. We have responsibly reported the identified issues to major vendors.