AI · Bearish · arXiv – CS AI · Jun 5 · 7/10
🧠Researchers propose the first formal threat model for Retrieval-Augmented Generation (RAG) systems, which combine LLMs with external document retrieval. The framework identifies new security vulnerabilities including document membership inference and data poisoning attacks that emerge from RAG's reliance on external knowledge bases, addressing a critical gap in AI safety research.
AI · Bearish · arXiv – CS AI · Jun 2 · 7/10
🧠Researchers introduce DiscourseFlip, a novel attack method against Retrieval-Augmented Generation (RAG) systems that manipulates opinions across multiple related queries by poisoning retrieval content at the discourse level. Unlike previous attacks targeting individual queries, this coordinated approach induces broader opinion shifts while evading detection, and existing defenses prove ineffective against it.
AI · Bullish · arXiv – CS AI · May 9 · 7/10
🧠Researchers present a layered security architecture for multitenant enterprise AI systems that isolates data and controls access in retrieval-augmented generation (RAG) and agentic AI deployments. The approach confines security-critical operations to the server side to prevent cross-tenant data leakage, and is validated through an open-source OGX framework with negligible performance overhead.
🏢 OpenAI
AI · Bearish · arXiv – CS AI · May 9 · 7/10
🧠LeakDojo is a new research framework that systematically evaluates security vulnerabilities in Retrieval-Augmented Generation (RAG) systems, revealing that stronger LLM instruction-following capabilities correlate with higher data leakage risks. The study benchmarks six attack methods across multiple LLMs and datasets, providing critical insights into how RAG databases can be exploited and suggesting that improvements in RAG faithfulness may paradoxically increase security vulnerabilities.
AI · Neutral · arXiv – CS AI · Feb 27 · 7/10 · 5
🧠Researchers introduce HubScan, an open-source security scanner that detects 'hubness poisoning' attacks in Retrieval-Augmented Generation (RAG) systems. The tool achieves 90% recall at detecting adversarial content that exploits vector similarity search vulnerabilities, addressing a critical security flaw in AI systems that rely on external knowledge retrieval.
AI · Neutral · arXiv – CS AI · Jun 11 · 6/10
🧠Researchers demonstrate that existing corpus poisoning attacks against RAG systems fail significantly after reranking stages, revealing a critical gap between retrieval-stage attacks and real-world multi-stage pipelines. They propose CRCP, a new poisoning framework that accounts for document chunking and reranking to achieve higher attack success rates across realistic retrieval configurations.
AI · Neutral · arXiv – CS AI · May 28 · 6/10
🧠Researchers present SLOT, a comprehensive taxonomy for understanding security vulnerabilities in retrieval-augmented generation (RAG) systems that extend LLMs with external knowledge. The framework categorizes attacks and defenses across four dimensions—attack surface, defense layer, security objective, and target scope—while identifying structural gaps in current evaluation methods and proposing future research directions for securing RAG pipelines.
AI · Neutral · arXiv – CS AI · May 27 · 6/10
🧠Researchers introduce Cordon-MAS, a new defense framework against poisoning attacks on retrieval-augmented generation (RAG) systems. The framework reduces attack success rates by 92.4% by enforcing information-flow control that prevents synthesis agents from directly accessing untrusted evidence, addressing a critical vulnerability in AI systems used for high-stakes applications.
AI · Neutral · arXiv – CS AI · Apr 14 · 6/10
🧠Researchers propose CanaryRAG, a runtime defense mechanism that protects Retrieval-Augmented Generation systems from adversarial attacks that extract proprietary data from knowledge bases. The solution uses embedded canary tokens to detect leakage in real-time while maintaining normal system performance, offering a practical safeguard for organizations deploying RAG-based AI systems.