Retrieval-augmented text-to-music (TTM) systems augment underspecified user prompts using captions retrieved from a music caption dataset. This design introduces an integrity dependency on the music knowledge database. We show that an attacker can poison the database by injecting a small number of crafted music captions, causing the system to retrieve malicious captions that bias prompt augmentation and steer generation away from the user's intended function, without modifying the user prompt, retriever, or generator. To achieve the music caption poisoning attack, we propose a dual-layer caption poisoning strategy that preserves high-level retrieval anchors while injecting low-level acoustic descriptors to steer prompt augmentation and downstream music generation toward an attacker-chosen target intent. In a MusicCaps knowledge database, CLAP retriever, and MusicGen pipeline, poisoned generations move substantially closer to the attacker's target, while remaining comparably aligned with the original user query. These results expose a practical integrity risk for retrieval-augmented creative AI systems. Our demo can be found at: https://yizhu-wen.github.io/Mental-Damage/
翻译:检索增强型文本生成音乐系统通过从音乐描述数据集中检索的描述来增强用户未明确指定的提示。这种设计引入对音乐知识数据库的完整性依赖。我们证明,攻击者可通过注入少量精心构造的音乐描述来污染数据库,导致系统检索到恶意描述,从而偏置提示增强过程并使生成结果偏离用户预期功能,而无需修改用户提示、检索器或生成器。为实现音乐描述投毒攻击,我们提出双层描述投毒策略:在保留高层检索锚点的同时,注入低层声学描述符以引导提示增强和下游音乐生成朝向攻击者选择的目标意图。在MusicCaps知识数据库、CLAP检索器和MusicGen管道构成的系统中,被投毒后的生成结果显著接近攻击者目标,同时仍与原始用户查询保持可比的对齐程度。这些结果揭示了检索增强型创意AI系统面临的现实完整性风险。我们的演示可访问:https://yizhu-wen.github.io/Mental-Damage/