# rag
56 articlestagged with “rag”
LlamaIndex Attack Surface Analysis
Analysis of security vulnerabilities in LlamaIndex's RAG and agent components.
RAG-Memory Confusion Attacks
Exploit the interaction between RAG retrieval and agent memory to create conflicting contexts that bypass safety.
Vector Database Forensics
Forensic analysis techniques for detecting and investigating vector database poisoning, unauthorized modifications, and data integrity violations.
RAG & Data Attack Assessment
Test your knowledge of Retrieval-Augmented Generation attack vectors, knowledge base poisoning, embedding manipulation, and data exfiltration through RAG systems with 10 intermediate-level questions.
RAG & Data Attack Assessment (Assessment)
Assessment on RAG poisoning, embedding attacks, training data extraction, and membership inference.
Skill Verification: RAG & Data Attacks
Practical verification of RAG poisoning, embedding attacks, and data extraction techniques.
Capstone: Enterprise RAG Assessment
Capstone exercise: complete red team assessment of an enterprise RAG system with role-based access.
Capstone: Comprehensive RAG Security Assessment
Conduct a thorough security assessment of a Retrieval-Augmented Generation system, testing document poisoning, retrieval manipulation, context window attacks, and data exfiltration vectors.
Case Study: Production RAG Poisoning Incident
Detailed analysis of a real-world RAG poisoning incident including attack methodology, impact, and remediation.
May 2026: RAG Poisoning Challenge
Inject malicious documents into a retrieval-augmented generation system to control responses for specific queries without disrupting normal operation.
Data & Training Security
Security vulnerabilities in the AI data pipeline, covering RAG exploitation, training data attacks, model extraction and intellectual property theft, and privacy attacks against deployed models.
RAG Pipeline Exploitation
Methodology for attacking Retrieval-Augmented Generation pipelines: knowledge poisoning, chunk boundary manipulation, retrieval score gaming, cross-tenant leakage, GraphRAG attacks, and metadata injection.
Knowledge Base Poisoning
Techniques for injecting adversarial documents into RAG knowledge bases: ingestion path analysis, embedding space attacks, SEO-style ranking manipulation, staged poisoning, and effectiveness measurement.
RAG System Security Hardening
Comprehensive guide to hardening RAG systems against poisoning, injection, and data exfiltration.
Secure RAG Pipeline Design Patterns
Security-first design patterns for RAG pipelines including source validation, content sanitization, and retrieval controls.
RAG Architecture: How Retrieval Systems Work
End-to-end anatomy of a Retrieval-Augmented Generation pipeline — document ingestion, chunking, embedding, indexing, retrieval, context assembly, and generation — with attack surface analysis at each stage.
Advanced RAG Manipulation Lab
Perform sophisticated RAG manipulation including embedding space attacks, metadata poisoning, and retrieval algorithm gaming.
Advanced RAG Poisoning Techniques
Execute sophisticated RAG poisoning including gradient-guided document crafting.
Lab: RAG Full Chain Attack
Hands-on lab for executing a complete RAG attack chain from document injection through retrieval manipulation to data exfiltration, targeting every stage of the Retrieval-Augmented Generation pipeline.
RAG Access Control Bypass
Bypass document-level access controls in enterprise RAG systems through query manipulation and context injection.
Basic RAG Query Injection
Craft user queries that manipulate RAG retrieval to surface unintended documents.
CTF: RAG Heist
Extract sensitive information from a Retrieval-Augmented Generation system by exploiting retrieval mechanisms, document parsing, embedding manipulation, and context window management vulnerabilities.
RAG Infiltrator: Level 2 — Enterprise Knowledge Base
Infiltrate and exfiltrate data from a multi-tier enterprise RAG system with access controls.
CTF: RAG Infiltrator
Poison a RAG system to return attacker-controlled content for specific queries. Score based on precision of targeting and stealth of the injected documents.
RAG Treasure Hunt: Vector DB Infiltration
Infiltrate a vector database by crafting documents that surface for specific queries to reveal flag fragments.
Lab: Advanced RAG Poisoning
Hands-on lab for crafting documents that reliably get retrieved and influence RAG responses for specific target queries.
Lab: Chunking Exploitation
Hands-on lab for crafting documents that split across chunks in ways that hide malicious content from chunk-level filtering while maintaining attack effectiveness.
Lab: Citation Fabrication
Hands-on lab for getting RAG systems to cite documents that don't exist or misattribute quotes to legitimate sources.
Document-Based RAG Injection Lab
Inject adversarial content into documents that will be processed by a RAG system to influence model responses.
Lab: RAG Metadata Injection
Hands-on lab for exploiting metadata fields like titles, descriptions, and timestamps to manipulate RAG retrieval ranking and influence responses.
Lab: Advanced RAG Security Testing
Test RAG systems for chunking exploitation, reranking manipulation, and cross-document injection attacks.
RAG Context Poisoning
Poison a vector database to inject adversarial content into RAG retrieval results.
Lab: RAG Pipeline Poisoning
Hands-on lab for setting up a RAG pipeline with LlamaIndex, injecting malicious documents, testing retrieval poisoning, and measuring injection success rates.
Lab: Re-ranking Attacks
Hands-on lab for manipulating the re-ranking stage of RAG pipelines to promote or suppress specific documents in retrieval results.
PDF Document Injection for RAG Systems
Craft adversarial PDF documents that inject instructions when processed by RAG document loaders.
RAG Document Injection Campaign
Design and execute a document injection campaign against a RAG-powered application with vector search.
Simulation: RAG Pipeline Poisoning
Red team engagement simulation targeting a RAG-based knowledge management system, covering embedding injection, document poisoning, retrieval manipulation, and knowledge base exfiltration.
Simulation: Enterprise RAG Security Assessment
Full engagement simulation assessing an enterprise RAG-powered knowledge base for poisoning, exfiltration, and injection vulnerabilities.
Multimodal RAG Poisoning
Poisoning multimodal RAG systems through adversarial documents with embedded visual and textual payloads.
Indirect Prompt Injection
How attackers embed malicious instructions in external data sources that LLMs process, enabling attacks without direct access to the model's input.
Chunk Boundary Attacks
Exploiting document splitting and chunking mechanisms in RAG pipelines, including payload injection at chunk boundaries, cross-chunk instruction injection, and chunk size manipulation.
RAG, Data & Training Attacks
Overview of attacks targeting the data layer of AI systems, including RAG poisoning, training data manipulation, and data extraction techniques.
Knowledge Base Poisoning (Rag Data Attacks)
Advanced corpus poisoning strategies for RAG systems, including black-box and white-box approaches, scaling dynamics, and the PoisonedRAG finding that 5 texts in millions achieve 90% attack success.
Metadata Injection
Manipulating document metadata to influence RAG retrieval ranking, bypass filtering, spoof source attribution, and exploit metadata-based access controls.
RAG Retrieval Poisoning (Rag Data Attacks)
Techniques for poisoning RAG knowledge bases to inject malicious content into LLM context, including embedding manipulation, document crafting, and retrieval hijacking.
Retrieval Manipulation (Rag Data Attacks)
Techniques for manipulating RAG retrieval to control which documents reach the LLM context, including adversarial query reformulation, retriever bias exploitation, and semantic similarity gaming.
RAG Poisoning End-to-End Walkthrough
Complete walkthrough of poisoning a RAG system from document injection through information extraction.
RAG Hybrid Search Poisoning Walkthrough
Walkthrough of poisoning both vector and keyword search in hybrid RAG architectures for maximum retrieval influence.
Implementing Access Control in RAG Pipelines
Walkthrough for building access control systems in RAG pipelines that enforce document-level permissions, prevent cross-user data leakage, filter retrieved context based on user authorization, and resist retrieval poisoning attacks.
RAG Input Sanitization Walkthrough
Implement input sanitization for RAG systems to prevent document-based injection attacks.
Secure RAG Architecture Walkthrough
Design and implement a secure RAG architecture with document sanitization, access controls, and output validation.
RAG Document Sandboxing Implementation
Implement document-level sandboxing for RAG systems to prevent cross-document injection and privilege escalation.
Secure RAG Architecture Implementation
Implement a security-hardened RAG architecture with input sanitization, access control, and output validation.
RAG System Red Team Engagement
Complete walkthrough for testing RAG applications: document injection, cross-scope retrieval exploitation, embedding manipulation, data exfiltration through retrieval, and chunk boundary attacks.
LangChain Application Security Testing
End-to-end walkthrough for security testing LangChain applications: chain enumeration, prompt injection through chains, tool and agent exploitation, retrieval augmented generation attacks, and memory manipulation.
LlamaIndex RAG Application Security Testing
End-to-end walkthrough for security testing LlamaIndex RAG applications: index enumeration, query engine exploitation, data connector assessment, response synthesis manipulation, and agent pipeline testing.