No Hidden Prompts Needed! You Can Game AI Peer Review with Presentation-Only Revisions

2026-06-11 · Source: Computation and Language · Field: Technology & Digital — Artificial Intelligence & Machine Learning · Depth: Expert, quick

Summary

A new study introduces "adversarial repackaging," a closed-loop attack demonstrating how AI peer review systems can be manipulated through presentation-only revisions, without altering any scientific evidence, methods, figures, or numerical results. This attack modifies elements like the abstract, contribution framing, related work, and discussion. Across three mainstream AI reviewers, adversarial repackaging achieved a 75.1% attack success rate and a mean score gain of +1.21/10. The research found that strategies such as related-work repositioning and analytical discussion expansion were significantly more effective than superficial edits. The analysis revealed two critical structural failure modes: AI reviewers are more susceptible to being impressed than convinced, and they often mistake the appearance of addressing a limitation for its actual resolution. This suggests that paper presentation itself becomes an optimization surface, posing a significant deployment risk beyond malicious hidden instructions. A contamination-free rolling benchmark and attack framework are released.

Key takeaway

For research scientists submitting papers to AI peer review systems, understand that presentation-level revisions can significantly impact review scores, even without changing scientific content. Focus on strategically framing your contributions and expanding analytical discussions, as these tactics outperform simple prose polishing. If you are developing AI review systems, prioritize anchoring models to scientific evidence to prevent presentation from becoming an exploitable optimization surface.

Key insights

AI peer review is vulnerable to presentation-only manipulation, confusing appearance with scientific merit.

Principles

• AI reviewers prioritize impression over conviction.
• Highlighting strengths boosts perceived merit.
• Presentation is an AI review optimization surface.

Method

Adversarial repackaging is a closed-loop attack using AI-reviewer feedback to search for presentation-level revisions while keeping scientific evidence fixed.

In practice

• Reposition related work for impact.
• Expand analytical discussion sections.
• Avoid solely surface-level prose polishing.

Topics

• AI Peer Review
• Adversarial Repackaging
• Presentation Bias
• Research Integrity
• AI Robustness
• Attack Framework

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Scientist, Research Scientist, AI Security Engineer

Related on AIssential

• Beyond Rating: A Comprehensive Evaluation and Benchmark for AI Reviews — AI review utility stems from textual justification, not just scalar scores, requiring text-centric evaluation.
• Show me science — AI's role in scientific review necessitates clearer, example-rich papers for effective human and machine evaluation.
• Can AI Review Improve Paper Drafting? An Empirical Study on 20 Computer Architecture Submissions — AI review can significantly align with human feedback and identify novel issues in paper drafting.
• A Simple Solution to Improve Broken Peer Review System at AI Conferences [R] — Splitting conference submissions and reviewers into independent halves can reduce reciprocal reviewing bias.
• Some Lessons on Reviews and Rebuttals — Effective academic reviewing and rebuttal writing hinge on structured processes and a constructive mindset.
• Does AI Reviewer See the Full Picture? Attacking and Defending Multimodal Peer Review — AI peer review is highly vulnerable to targeted, cross-modal adversarial attacks, necessitating specialized defenses beyond standard jailbreaking.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Computation and Language.