◈ AI Security Intelligence ← All terms
Concept  ·  Glossary

Retrieval-Augmented Generation (RAG)

Definition
A technique where an AI agent retrieves relevant documents or data from a knowledge base before generating a response, grounding the model's output in factual sources. RAG reduces hallucination and enables the model to use proprietary or real-time data.
Why it matters
RAG is the dominant pattern for deploying large language models to enterprise data; however, RAG pipelines introduce new attack surfaces—poisoned documents in the knowledge base can inject false information or instructions into model responses.
Demonstrated by recent findings
Spring AI Vector Stores — Special-Character Injection Enables Arbitrary Query Execution in Elasticsearch, OpenSearch, and GemFireChromaDB Rust IDOR Cross-Tenant Data Access — CVE-2026-8828, CVSS 8.8 HIGH — No Patch ConfirmedLangflow AI Platform Path Traversal → Unauthenticated RCE Actively Exploited (CVE-2026-5027)Langflow CVE-2026-5027 Path Traversal to Unauthenticated RCE via File UploadLangflow CVE-2026-5027 Path Traversal to Unauthenticated RCE
References
NIST AI Risk Management FrameworkLewis et al. - Retrieval-Augmented Generation for Knowledge-Intensive NLP Tasks
Track this in the live feed See how this plays out in real AI security and governance developments.
Open the feed →