This paper presents a security threat to Retrieval-Augmented Generative (RAG) models, where adversaries can manipulate the system by injecting deceptive content into the knowledge base, leading to altered model behavior. RAG models enhance Large Language Models (LLMs) by integrating external knowledge, improving performance in tasks like fact-checking and information retrieval. However, the openness of these knowledge bases poses risks, as demonstrated by real-world examples where RAG systems, such as Google Search, have been influenced by misleading content from user-generated sources. The threat is particularly concerning because adversaries can exploit the system without knowing user queries, database contents, or LLM parameters. The paper introduces the LIAR framework, a novel attack strategy that effectively generates adversarial content to influence RAG systems to generate misleading responses. The framework decouples the purpose of the injected content into two objectives: (1) it is preferentially retrieved by the RAG's retriever, and (2) it effectively influences the behaviors of the downstream LLM once retrieved. The framework reveals critical vulnerabilities in RAG systems and emphasizes the urgent need for robust security measures in their design and deployment. The study demonstrates that attacking RAG models is not trivial, as the dynamic nature of these systems, which integrate real-time external knowledge, introduces significant complexities. The paper presents a warm-up study showing that a naive approach to generating adversarial content results in significant loss oscillation and prevents the model from converging. The LIAR framework addresses these challenges by using bi-level optimization techniques to train adversarial content that can effectively manipulate both the retriever and the LLM generator. The experiments show that the LIAR framework significantly improves the success rate of attacks compared to conventional methods. The framework's effectiveness is demonstrated across various settings, including different knowledge bases and LLM models. The results highlight the vulnerability of RAG systems to gray-box attacks and the need for robust defense mechanisms to ensure the integrity and reliability of these systems. The paper also discusses the limitations of the study, including the scope of experiments and the applicability of the framework to different types of RAG systems. Overall, the research underscores the importance of developing secure and reliable AI technologies to mitigate the risks associated with adversarial attacks on RAG models.This paper presents a security threat to Retrieval-Augmented Generative (RAG) models, where adversaries can manipulate the system by injecting deceptive content into the knowledge base, leading to altered model behavior. RAG models enhance Large Language Models (LLMs) by integrating external knowledge, improving performance in tasks like fact-checking and information retrieval. However, the openness of these knowledge bases poses risks, as demonstrated by real-world examples where RAG systems, such as Google Search, have been influenced by misleading content from user-generated sources. The threat is particularly concerning because adversaries can exploit the system without knowing user queries, database contents, or LLM parameters. The paper introduces the LIAR framework, a novel attack strategy that effectively generates adversarial content to influence RAG systems to generate misleading responses. The framework decouples the purpose of the injected content into two objectives: (1) it is preferentially retrieved by the RAG's retriever, and (2) it effectively influences the behaviors of the downstream LLM once retrieved. The framework reveals critical vulnerabilities in RAG systems and emphasizes the urgent need for robust security measures in their design and deployment. The study demonstrates that attacking RAG models is not trivial, as the dynamic nature of these systems, which integrate real-time external knowledge, introduces significant complexities. The paper presents a warm-up study showing that a naive approach to generating adversarial content results in significant loss oscillation and prevents the model from converging. The LIAR framework addresses these challenges by using bi-level optimization techniques to train adversarial content that can effectively manipulate both the retriever and the LLM generator. The experiments show that the LIAR framework significantly improves the success rate of attacks compared to conventional methods. The framework's effectiveness is demonstrated across various settings, including different knowledge bases and LLM models. The results highlight the vulnerability of RAG systems to gray-box attacks and the need for robust defense mechanisms to ensure the integrity and reliability of these systems. The paper also discusses the limitations of the study, including the scope of experiments and the applicability of the framework to different types of RAG systems. Overall, the research underscores the importance of developing secure and reliable AI technologies to mitigate the risks associated with adversarial attacks on RAG models.