
SIA: A Synthesize-Inject-Align Framework for Knowledge-Grounded and Secure E-commerce Search LLMs with Industrial Deployment

Authors: Zhouwei Zhai, Mengxiang Chen, Anmeng Zhang

Published: 2026-03-17

arXiv ID: 2603.16137v1

Added to Library: 2026-03-18 03:00 UTC

📄 Abstract

Large language models offer transformative potential for e-commerce search by enabling intent-aware recommendations. However, their industrial deployment is hindered by two critical challenges: (1) knowledge hallucination due to insufficient encoding of dynamic, fine-grained product knowledge, and (2) security vulnerabilities under jailbreak attacks that threaten compliance. To address these issues, we propose SIA, a Synthesize-Inject-Align framework for building knowledgeable and secure e-commerce search LLMs. Our approach first synthesizes a high-quality natural-language corpus by combining structured knowledge graphs with unstructured behavioral logs, augmented with reasoning chains and safety-aware data. We then introduce a parameter-efficient pre-training strategy based on Depth Up-Scaling to inject domain knowledge while preserving general capabilities. Finally, a dual-path alignment method via multi-task instruction tuning and adversarial training strengthens both task performance and safety robustness. The framework has been deployed at JD.com, China's largest self-operated e-commerce platform, where A/B tests across five core search scenarios demonstrate significant improvements in key business metrics, validating its industrial effectiveness and scalability.

πŸ” Key Points

  • Proposes Structured Semantic Cloaking (S2C), a novel multi-dimensional framework for jailbreak attacks on large language models (LLMs) that involves semantic distribution and restructuring during inference.
  • S2C includes three mechanisms: Contextual Reframing, Content Fragmentation, and Clue-Guided Camouflage, which work together to bypass conventional safety measures that rely on coherent semantic intent.
  • Empirical evaluations show that S2C outperforms previous state-of-the-art methods by significant margins, achieving up to 89.4% Attack Success Rate (ASR) across various models.
  • Highlights the systematic vulnerability of LLMs to attacks that exploit deeper latent representations rather than surface-level obfuscation, indicating a gap in current safety mechanisms.
  • Demonstrates the importance of understanding not just the malicious intent but also the timing and structure of semantic reconstruction during generative processes.

💡 Why This Paper Matters

This paper introduces a significant advancement in the field of AI safety by illustrating a novel attack strategy against current safety mechanisms in LLMs. By manipulating the way malicious intent is formed and evaluated at deeper semantic levels, the authors expose relevant vulnerabilities within different model architectures. The findings and techniques proposed aim to contribute to a more robust discourse on AI safety mechanisms by highlighting what’s required to develop defenses that withstand more sophisticated attacks.

🎯 Why It's Interesting for AI Security Researchers

This research would be of considerable interest to AI security researchers for several reasons. Firstly, it challenges existing assumptions about the robustness of LLM safety measures, advocating for a reevaluation of their capabilities against increasingly complex adversarial strategies. Secondly, the techniques outlined provide actionable insights for understanding and potentially improving LLM defenses against manipulation, which is critical as such models are integrated into more safety-critical applications.
