Adversarial Threat Vectors and Risk Mitigation for Retrieval-Augmented Generation Systems
Chris M. Ward, Josh Harguess

TL;DR
This paper identifies key adversarial threats to Retrieval-Augmented Generation systems, analyzes their risks, and proposes mitigation strategies like input validation and real-time monitoring to enhance system security.
Contribution
It provides a comprehensive analysis of adversarial attack vectors on RAG systems and introduces a prioritized control list for risk mitigation.
Findings
Prompt injection is a major threat.
Adversarial training improves robustness.
Real-time monitoring helps detect attacks.
Abstract
Retrieval-Augmented Generation (RAG) systems, which integrate Large Language Models (LLMs) with external knowledge sources, are vulnerable to a range of adversarial attack vectors. This paper examines the importance of RAG systems through recent industry adoption trends and identifies the prominent attack vectors for RAG: prompt injection, data poisoning, and adversarial query manipulation. We analyze these threats under a risk management lens and propose a robust, prioritized control list that includes risk-mitigating actions such as input validation, adversarial training, and real-time monitoring.
Taxonomy
Methods: Linear Layer · Attention Dropout · Softmax · WordPiece · Weight Decay · Multi-Head Attention · Attention Is All You Need · Linear Warmup With Linear Decay · Dropout
