# rag
114 articles tagged "rag"
Agent Memory Poisoning
Techniques for injecting malicious content into agent memory systems -- conversation history, RAG stores, and vector databases -- to achieve persistent cross-session compromise.
LlamaIndex Attack Surface Analysis
Analysis of security vulnerabilities in LlamaIndex's RAG and agent components.
RAG-Memory Confusion Attacks
Exploit the interaction between RAG retrieval and agent memory to create conflicting contexts that bypass safety.
Vector Database Forensics
Forensic analysis techniques for detecting and investigating vector database poisoning, unauthorized modifications, and data integrity violations.
RAG & Data Attack Assessment
Test your knowledge of Retrieval-Augmented Generation attack vectors, knowledge base poisoning, embedding manipulation, and data exfiltration through RAG systems with 10 intermediate-level questions.
RAG & Data Attack Assessment (Assessment)
Assessment on RAG poisoning, embedding attacks, training data extraction, and membership inference.
Skill Verification: RAG & Data Attacks
Practical verification of RAG poisoning, embedding attacks, and data extraction techniques.
Capstone: Enterprise RAG Assessment
Capstone exercise: complete red team assessment of an enterprise RAG system with role-based access.
Capstone: Comprehensive RAG Security Assessment
Conduct a thorough security assessment of a Retrieval-Augmented Generation system, testing document poisoning, retrieval manipulation, context window attacks, and data exfiltration vectors.
Case Study: Production RAG Poisoning Incident
Detailed analysis of a real-world RAG poisoning incident including attack methodology, impact, and remediation.
May 2026: RAG Poisoning Challenge
Inject malicious documents into a retrieval-augmented generation system to control responses for specific queries without disrupting normal operation.
Data & Training Security
Security vulnerabilities in the AI data pipeline, covering RAG exploitation, training data attacks, model extraction and intellectual property theft, and privacy attacks against deployed models.
RAG Pipeline Exploitation
Methodology for attacking Retrieval-Augmented Generation pipelines: knowledge poisoning, chunk boundary manipulation, retrieval score gaming, cross-tenant leakage, GraphRAG attacks, and metadata injection.
Knowledge Base Poisoning
Techniques for injecting adversarial documents into RAG knowledge bases: ingestion path analysis, embedding space attacks, SEO-style ranking manipulation, staged poisoning, and effectiveness measurement.
RAG System Security Hardening
Comprehensive guide to hardening RAG systems against poisoning, injection, and data exfiltration.
Secure RAG Pipeline Design Patterns
Security-first design patterns for RAG pipelines including source validation, content sanitization, and retrieval controls.
RAG Architecture: How Retrieval Systems Work
End-to-end anatomy of a Retrieval-Augmented Generation pipeline — document ingestion, chunking, embedding, indexing, retrieval, context assembly, and generation — with attack surface analysis at each stage.
Advanced RAG Manipulation Lab
Perform sophisticated RAG manipulation including embedding space attacks, metadata poisoning, and retrieval algorithm gaming.
Advanced RAG Poisoning Techniques
Execute sophisticated RAG poisoning including gradient-guided document crafting.
Lab: RAG Full Chain Attack
Hands-on lab for executing a complete RAG attack chain from document injection through retrieval manipulation to data exfiltration, targeting every stage of the Retrieval-Augmented Generation pipeline.
RAG Access Control Bypass
Bypass document-level access controls in enterprise RAG systems through query manipulation and context injection.
Basic RAG Query Injection
Craft user queries that manipulate RAG retrieval to surface unintended documents.
CTF: RAG Heist
Extract sensitive information from a Retrieval-Augmented Generation system by exploiting retrieval mechanisms, document parsing, embedding manipulation, and context window management vulnerabilities.
RAG Infiltrator: Level 2 — Enterprise Knowledge Base
Infiltrate and exfiltrate data from a multi-tier enterprise RAG system with access controls.
CTF: RAG Infiltrator
Poison a RAG system to return attacker-controlled content for specific queries. Score based on precision of targeting and stealth of the injected documents.
RAG Treasure Hunt: Vector DB Infiltration
Infiltrate a vector database by crafting documents that surface for specific queries to reveal flag fragments.
Lab: Advanced RAG Poisoning
Hands-on lab for crafting documents that reliably get retrieved and influence RAG responses for specific target queries.
Lab: Chunking Exploitation
Hands-on lab for crafting documents that split across chunks in ways that hide malicious content from chunk-level filtering while maintaining attack effectiveness.
Lab: Citation Fabrication
Hands-on lab for getting RAG systems to cite documents that don't exist or misattribute quotes to legitimate sources.
Document-Based RAG Injection Lab
Inject adversarial content into documents that will be processed by a RAG system to influence model responses.
Lab: RAG Metadata Injection
Hands-on lab for exploiting metadata fields like titles, descriptions, and timestamps to manipulate RAG retrieval ranking and influence responses.
Lab: Advanced RAG Security Testing
Test RAG systems for chunking exploitation, reranking manipulation, and cross-document injection attacks.
RAG Context Poisoning
Poison a vector database to inject adversarial content into RAG retrieval results.
Lab: RAG Pipeline Poisoning
Hands-on lab for setting up a RAG pipeline with LlamaIndex, injecting malicious documents, testing retrieval poisoning, and measuring injection success rates.
Lab: Re-ranking Attacks
Hands-on lab for manipulating the re-ranking stage of RAG pipelines to promote or suppress specific documents in retrieval results.
PDF Document Injection for RAG Systems
Craft adversarial PDF documents that inject instructions when processed by RAG document loaders.
RAG Document Injection Campaign
Design and execute a document injection campaign against a RAG-powered application with vector search.
Simulation: RAG Pipeline Poisoning
Red team engagement simulation targeting a RAG-based knowledge management system, covering embedding injection, document poisoning, retrieval manipulation, and knowledge base exfiltration.
Simulation: Enterprise RAG Security Assessment
Full engagement simulation assessing an enterprise RAG-powered knowledge base for poisoning, exfiltration, and injection vulnerabilities.
Multimodal RAG Poisoning
Poisoning multimodal RAG systems through adversarial documents with embedded visual and textual payloads.
Indirect Prompt Injection
How attackers embed malicious instructions in external data sources that LLMs process, enabling attacks without direct access to the model's input.
Chunk Boundary Attacks
Exploiting document splitting and chunking mechanisms in RAG pipelines, including payload injection at chunk boundaries, cross-chunk instruction injection, and chunk size manipulation.
RAG, Data & Training Attacks
Overview of attacks targeting the data layer of AI systems, including RAG poisoning, training data manipulation, and data extraction techniques.
Knowledge Base Poisoning (Rag Data Attacks)
Advanced corpus poisoning strategies for RAG systems, including black-box and white-box approaches, scaling dynamics, and the PoisonedRAG finding that 5 texts in millions achieve 90% attack success.
Metadata Injection
Manipulating document metadata to influence RAG retrieval ranking, bypass filtering, spoof source attribution, and exploit metadata-based access controls.
RAG Retrieval Poisoning (Rag Data Attacks)
Techniques for poisoning RAG knowledge bases to inject malicious content into LLM context, including embedding manipulation, document crafting, and retrieval hijacking.
Retrieval Manipulation (Rag Data Attacks)
Techniques for manipulating RAG retrieval to control which documents reach the LLM context, including adversarial query reformulation, retriever bias exploitation, and semantic similarity gaming.
RAG Poisoning End-to-End Walkthrough
Complete walkthrough of poisoning a RAG system from document injection through information extraction.
RAG Hybrid Search Poisoning Walkthrough
Walkthrough of poisoning both vector and keyword search in hybrid RAG architectures for maximum retrieval influence.
Implementing Access Control in RAG Pipelines
Walkthrough for building access control systems in RAG pipelines that enforce document-level permissions, prevent cross-user data leakage, filter retrieved context based on user authorization, and resist retrieval poisoning attacks.
RAG Input Sanitization Walkthrough
Implement input sanitization for RAG systems to prevent document-based injection attacks.
Secure RAG Architecture Walkthrough
Design and implement a secure RAG architecture with document sanitization, access controls, and output validation.
RAG Document Sandboxing Implementation
Implement document-level sandboxing for RAG systems to prevent cross-document injection and privilege escalation.
Secure RAG Architecture Implementation
Implement a security-hardened RAG architecture with input sanitization, access control, and output validation.
RAG System Red Team Engagement
Complete walkthrough for testing RAG applications: document injection, cross-scope retrieval exploitation, embedding manipulation, data exfiltration through retrieval, and chunk boundary attacks.
LangChain Application Security Testing
End-to-end walkthrough for security testing LangChain applications: chain enumeration, prompt injection through chains, tool and agent exploitation, retrieval augmented generation attacks, and memory manipulation.
LlamaIndex RAG Application Security Testing
End-to-end walkthrough for security testing LlamaIndex RAG applications: index enumeration, query engine exploitation, data connector assessment, response synthesis manipulation, and agent pipeline testing.
Chapter Assessment: RAG Attacks
A 15-question calibrated assessment testing your understanding of RAG pipeline attacks: knowledge base poisoning, retrieval manipulation, and data extraction.
RAG Pipeline Poisoning
Techniques for manipulating AI responses by poisoning Retrieval-Augmented Generation pipelines, covering document injection, embedding manipulation, retrieval ranking attacks, and persistent poisoning strategies.