RAG Security
Cloud SecurityDefinition
Security practices for Retrieval-Augmented Generation AI systems, addressing risks including indirect prompt injection via retrieved content, unauthorized data access through semantic search, and context window data leakage.
Technical Details
RAG systems retrieve external documents to augment LLM context, creating a new attack surface: retrieved content can contain adversarial instructions (indirect prompt injection), overly broad vector search can return documents the querying user should not access (broken access control), and chunked documents may leak sensitive fragments. Secure RAG architectures apply per-user access control at retrieval time and sanitize retrieved content before inclusion in model context.
Practical Usage
Enterprises deploying internal knowledge base chatbots must ensure vector search results respect existing document-level ACLs. Security architects should threat-model the full data flow from user query through retrieval, context assembly, and LLM response generation — treating each stage as a potential injection or leakage point.
Examples
- A company's internal AI assistant retrieves HR salary data visible to all employees because the vector store lacks per-document access controls.
- An attacker uploads a document to a shared knowledge base containing hidden prompt injection instructions.
- Chunking of financial reports causes sensitive deal terms to appear in responses to unrelated queries.