We analyze answers generated by generative engines (GEs) from the perspectives of citation publishers and the content-injection barrier, defined as the difficulty for attackers to manipulate answers to user prompts by placing malicious content on the web. GEs integrate two functions: web search and answer generation that cites web pages using large language models. Because anyone can publish information on the web, GEs are vulnerable to poisoning attacks. Existing studies of citation evaluation focus on how faithfully answer content reflects cited sources, leaving unexamined which web sources should be selected as citations to defend against poisoning attacks. To fill this gap, we introduce evaluation criteria that assess poisoning threats using the citation information contained in answers. Our criteria classify the publisher attributes of citations to estimate the content-injection barrier thereby revealing the threat of poisoning attacks in current GEs. We conduct experiments in political domains in Japan and the United States (U.S.) using our criteria and show that citations from official party websites (primary sources) are approximately \(25\%\)--\(45\%\) in the U.S. and \(60\%\)--\(65\%\) in Japan, indicating that U.S. political answers are at higher risk of poisoning attacks. We also find that sources with low content-injection barriers are frequently cited yet are poorly reflected in answer content. To mitigate this threat, we discuss how publishers of primary sources can increase exposure of their web content in answers and show that well-known techniques are limited by language differences.

翻译：我们从引用发布者和内容注入屏障的视角分析生成引擎（GEs）生成的答案，其中内容注入屏障定义为攻击者通过在网络上放置恶意内容来操纵针对用户提示生成答案的难度。生成引擎整合了两种功能：网络搜索以及使用大语言模型引用网页的答案生成。由于任何人都可以在网络上发布信息，生成引擎容易受到投毒攻击。现有的引用评估研究主要关注答案内容在多大程度上忠实反映了被引来源，而未考察应选择哪些网络来源作为引用来防御投毒攻击。为填补这一空白，我们引入了一套利用答案中包含的引用信息来评估投毒威胁的评估标准。我们的标准通过分类引用的发布者属性来估计内容注入屏障，从而揭示当前生成引擎中投毒攻击的威胁。我们使用这些标准在日本和美国的政治领域进行了实验，结果表明来自官方政党网站（主要来源）的引用在美国约占 \(25\%\)--\(45\%\)，在日本约占 \(60\%\)--\(65\%\)，这表明美国政治类答案面临更高的投毒攻击风险。我们还发现，那些内容注入屏障较低的来源虽然被频繁引用，但在答案内容中的体现却很差。为缓解这一威胁，我们探讨了主要来源的发布者如何增加其网络内容在答案中的曝光度，并指出现有常用技术受限于语言差异。