Multi-granular adversarial attacks against black-box neural ranking models aim to generate high-quality adversarial examples by incorporating perturbations at multiple levels of granularity, such as word, phrase, and sentence levels. Traditional single-granular attacks are limited in their flexibility, reducing the potential threat of adversarial examples. To address this, the authors propose RL-MARA, a reinforcement learning framework that enables sequential decision-making to identify multi-granular vulnerabilities and organize perturbations into effective sequences. The framework uses a surrogate ranking model and a large language model (LLM) to evaluate the effectiveness and naturalness of adversarial examples. Two agents, a sub-agent for identifying vulnerabilities and a meta-agent for generating perturbations, work cooperatively to optimize the attack process. Experimental results show that RL-MARA outperforms existing baselines in attack effectiveness and imperceptibility, achieving higher success rates and maintaining semantic consistency and fluency in adversarial examples. The method is evaluated on two benchmark datasets, MS MARCO and ClueWeb09, demonstrating its effectiveness across different attack scenarios. The framework's ability to adapt to varying granularities and its use of reinforcement learning make it a powerful tool for uncovering vulnerabilities in neural ranking models.Multi-granular adversarial attacks against black-box neural ranking models aim to generate high-quality adversarial examples by incorporating perturbations at multiple levels of granularity, such as word, phrase, and sentence levels. Traditional single-granular attacks are limited in their flexibility, reducing the potential threat of adversarial examples. To address this, the authors propose RL-MARA, a reinforcement learning framework that enables sequential decision-making to identify multi-granular vulnerabilities and organize perturbations into effective sequences. The framework uses a surrogate ranking model and a large language model (LLM) to evaluate the effectiveness and naturalness of adversarial examples. Two agents, a sub-agent for identifying vulnerabilities and a meta-agent for generating perturbations, work cooperatively to optimize the attack process. Experimental results show that RL-MARA outperforms existing baselines in attack effectiveness and imperceptibility, achieving higher success rates and maintaining semantic consistency and fluency in adversarial examples. The method is evaluated on two benchmark datasets, MS MARCO and ClueWeb09, demonstrating its effectiveness across different attack scenarios. The framework's ability to adapt to varying granularities and its use of reinforcement learning make it a powerful tool for uncovering vulnerabilities in neural ranking models.