Techniquedefense-evasionATLAS

AML.T0071False RAG Entry Injection

What it is

Adversaries may introduce false entries into a victim's retrieval augmented generation (RAG) database. Content designed to be interpreted as a document by the large language model (LLM) used in the RAG system is included in a data source being ingested into the RAG database. When RAG entry including the false document is retrieved, the LLM is tricked into treating part of the retrieved content as a false RAG result. By including a false RAG document inside of a regular RAG entry, it bypasses data monitoring tools. It also prevents the document from being deleted directly. The adversary may use discovered system keywords to learn how to instruct a particular LLM to treat content as a RAG entry. They may be able to manipulate the injected entry's metadata including document title, author, and creation date.

References

  1. https://atlas.mitre.org/techniques/AML.T0071

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

ATLAS
RAG Poisoning
ATLAS
RAG Credential Harvesting
ATLAS
AI Agent Tool Data Poisoning
ATLAS
Retrieval Content Crafting
ATLAS
LLM Data Leakage
ATLAS
Gather RAG-Indexed Targets
Sourced from MITRE ATLAS — Adversarial Threat Landscape for AI Systems. Curated by Adam Lundqvist, SQUR.