Route to Rome Attack: Directing LLM Routers to Expensive Models via Adversarial Suffix Optimization

Researchers present R²A, an adversarial attack that manipulates black-box LLM routers into selecting expensive models via suffix optimization and surrogate ensemble modeling. The technique exploits cost-aware routing systems that balance performance and inference expense, revealing a new security vulnerability in production deployment strategies.

MentionsR²A · LLM routers · adversarial suffix optimization · ensemble surrogate

Modelwire summarizes — we don’t republish. The full article lives on arxiv.org. If you’re a publisher and want a different summarization policy for your work, see our takedown page.