RAG 檢索結果注入攻擊
Operation & Monitoring
Risk Description
Attackers inject malicious documents containing hidden prompt injection instructions into RAG systems knowledge bases or retrievable external sources. When user queries trigger retrieval of these malicious documents, injected instructions are processed as knowledge sources and influence model output. This is particularly dangerous as RAG systems have higher trust in retrieval results, and attackers can poison remotely without direct access to the target system.
Framework Mappings
iso 23894R2
cosaiPrompt Injection
owasp llmLLM01
tw principle資安與安全
tw risk type技術設計缺陷(Technical Design Flaw)
Controls English translation pending
- 檢索結果安全過濾
- 知識庫完整性驗證
Implementation Steps English translation pending
- 對檢索結果進行安全掃描,偵測可能的指令注入內容
- 實施知識庫來源驗證和完整性雜湊檢查
- 對外部來源的檢索結果實施信任等級分層
- 在 RAG 管線中加入檢索結果與查詢意圖的相關性閾值過濾