Security researchers have demonstrated how attackers can poison Retrieval-Augmented Generation (RAG) systems by injecting malicious documents that corrupt AI responses. A new open-source lab shows 95% attack success rates against small document collections, with the poisoning mechanism remaining effective even in larger systems when scaled proportionally.
RAG systems, which help AI models access external knowledge by retrieving relevant documents, have become critical infrastructure for enterprise AI applications. The vulnerability stems from how these systems rank and select documents during retrieval, allowing carefully crafted poisoned documents to dominate legitimate sources.