Ch 7 — Securing RAG Pipelines — Under the Hood

Indirect injection via documents, PoisonedRAG, access control, retrieval sanitization, SD-RAG
Index← High Level
Under the Hood
-
Click play or press Space to begin. Click any node for deep-dive details...
Step- / 10
ARAG Attack SurfaceOWASP LLM08:2025 — Vector & Embedding Weaknesses
1
search
User QueryUntrusted input
to retriever
database
Vector StoreEmbeddings from
ingested docs
2
description
Retrieved DocsTop-k chunks
injected into context
smart_toy
LLM GenerationTrusts retrieved
content blindly
3
arrow_downward Indirect injection: malicious instructions in documents
BIndirect Prompt Injection & PoisonedRAGPalo Alto Unit 42, Zou et al. 2024
edit_document
Poisoned DocHidden instructions
in corpus
4
pest_control
PoisonedRAGOptimized adversarial
passages
science
CPA-RAGCorpus Poisoning
Attack on RAG
5
arrow_downward Defense layer 1: document-level access control
CDocument-Level Access ControlMetadata filtering, ACL enforcement at retrieval time
lock
ACL MetadataPer-document
access tags
6
filter_alt
Pre-Retrieval FilterFilter by user
permissions first
verified_user
Scoped ResultsOnly authorized
docs returned
7
arrow_downward Defense layer 2: retrieval sanitization & SD-RAG
DRetrieval Sanitization & SD-RAGScanning retrieved content, prompt boundary markers
cleaning_services
Content ScanDetect injections
in retrieved docs
8
fence
Prompt BoundariesDelimiters separate
data from instructions
security
SD-RAGSelf-Defending RAG
instruction-aware
9
arrow_downward Complete secure RAG architecture
ESecure RAG ArchitectureEnd-to-end defense pipeline
architecture
Ingestion SecurityScan docs at
index time
10
layers
Defense StackFull secure
RAG pipeline