knowledge-base-poisoningtricking the agent into writing adversarial content into the knowledge base so future answers are corrupted.retrieval-manipulationcrafting input so the search pulls attacker-chosen documents.embedding-collisionmaking unrelated text look similar to a target so it surfaces in results.chunk-boundary-exploitsplitting a payload across chunk edges so filters miss it.citation-hallucinationgetting the model to invent fake sources and cite them as real.
Attack Strategies
RAG Exploitation: Attack Strategy
RAG retrieval-augmented generation lets an AI look up documents to answer questions. These attacks target that lookup step. They poison the stored document
What it is: RAG (retrieval-augmented generation) lets an AI look up documents to answer questions. These attacks target that lookup step. They poison the stored documents or rig the search so the AI retrieves and trusts bad content.
How the attacks work: The attacker plants malicious text where the AI will fetch it, or shapes a query and chunk so the wrong content gets pulled. Because the AI treats retrieved text as a trusted source, it repeats the planted lie, follows hidden instructions, or cites things that do not exist.
Real examples from the framework: