How to Craft a Polyglot File
Polyglot files are valid in multiple formats simultaneously (e.g., GIF + Shell Script). Learn how attackers use them to bypass RAG ingestion filters and achieve RCE.
An architectural analysis of how adversaries exploit hidden HTML comments to inject adversarial instructions (Prompt Injection) into Retrieval-Augmented Generation pipelines.
A deep architectural dive into the vulnerabilities of RAG framework document loaders. Mitigating SSRF and parsing-layer RCE exploits in unstructured data pipelines.
A technical breakdown of how financial institutions can deploy Retrieval-Augmented Generation (RAG) while maintaining continuous threat monitoring and supply chain security mandated by the Digital Operational Resilience Act (DORA).
A comprehensive list of prompt injection techniques for testing RAG systems. From direct overrides to context switching and payload splitting.
An architectural breakdown of Indirect Prompt Injections targeting RAG pipelines, and how poisoned chunks in ChromaDB or Pinecone compromise LLM responses.
A deep dive into Indirect Prompt Injection leading to Server-Side Request Forgery (SSRF) and data exfiltration via dynamically rendered Markdown images.