There are 5 attacks in the rag-exploitation category. Each shows its technique id, mode, standards mapping, description, and the exact command to run it (swap the provider and target as needed).
Knowledge Base Poisoning
critical
knowledge-base-poisoning · tool-use · OWASP: LLM08, LLM06 · MITRE: AML.T0020, AML.T0051.000Tests if an agent can be tricked into writing adversarial content into the knowledge base that affects future retrievalsRun it:
ai-blackteam run -p anthropic -a knowledge-base-poisoning -t "your target prompt"
Embedding Collision
high
embedding-collision · single-turn · OWASP: LLM08 · MITRE: AML.T0043.003, AML.T0068Exploits embedding model weaknesses where semantically different texts produce similar vectors, allowing adversarial retrievalRun it:
ai-blackteam run -p anthropic -a embedding-collision -t "your target prompt"
Retrieval Manipulation
high
retrieval-manipulation · tool-use · OWASP: LLM01, LLM08 · MITRE: AML.T0051.000, AML.T0068Manipulates RAG retrieval by crafting queries that surface poisoned or adversarial documents from the vector storeRun it:
ai-blackteam run -p anthropic -a retrieval-manipulation -t "your target prompt"
Chunk Boundary Exploit
medium
chunk-boundary-exploit · single-turn · OWASP: LLM08 · MITRE: AML.T0054, AML.T0068Exploits document chunking boundaries in RAG systems where safety-critical context gets split across chunksRun it:
ai-blackteam run -p anthropic -a chunk-boundary-exploit -t "your target prompt"
Citation Hallucination
medium
citation-hallucination · single-turn · OWASP: LLM09, LLM08 · MITRE: AML.T0054, AML.T0068Tests if a RAG system fabricates citations or attributes harmful content to legitimate retrieved sourcesRun it:
ai-blackteam run -p anthropic -a citation-hallucination -t "your target prompt"