Security and Privacy in Retrieval-Augmented Generation: Architectures, Threats, Defenses, and Future Directions for Building Trustworthy Systems
Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel 2026-06-25 20:54 UTCgrok-4.3pith:SCWYTAMUrecord.jsonopen to challenge →
The pith
Retrieval-augmented generation systems introduce security and privacy risks through their retrieval mechanisms that go beyond those of standard language models.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
Integrating retrieval pipelines in RAG systems exposes sensitive information through retrieval indices, query logs, context construction, or federated updates, while adversarial manipulation of knowledge bases can undermine trust in generated outputs, requiring a unified taxonomy of threat surfaces across retrieval, context construction, and generation stages together with analysis of attacks and defenses in centralized, on-device, federated, and hybrid paradigms.
What carries the argument
A unified taxonomy of threat surfaces spanning the retrieval, context construction, and generation stages.
If this is right
- Defenses must address retrieval-specific surfaces such as index poisoning and query log leakage in addition to generation-stage threats.
- Architectural choices for RAG deployments carry measurable privacy-utility trade-offs that vary by paradigm.
- Attacks including membership inference and collusion can compromise both data confidentiality and output integrity.
- Hybrid and federated RAG setups require additional protections against gradient leakage and inter-party collusion.
Where Pith is reading between the lines
- Standard LLM safety layers will need explicit extensions to cover the retrieval stage if the taxonomy holds.
- Empirical measurement of real-world RAG data exposure events could test whether the listed attack classes are exhaustive.
- Cryptographic techniques applied at the index level might reduce leakage without full redesign of retrieval pipelines.
- The taxonomy could guide standardized auditing protocols for RAG systems in regulated domains.
Load-bearing premise
The presented unified taxonomy of threat surfaces and listed attack classes adequately covers the primary risks across all RAG paradigms.
What would settle it
Identification of a major privacy or security vulnerability in an operational RAG system whose attack surface falls outside the taxonomy categories of retrieval, context construction, and generation.
Figures
read the original abstract
Retrieval-Augmented Generation (RAG) has emerged as a dominant paradigm for enhancing large language models with external knowledge. By coupling retrieval mechanisms with generative models, RAG systems improve factual grounding and adaptability across domains. However, integrating retrieval pipelines introduces new security and privacy risks that extend beyond conventional language modeling threats. Sensitive information may be exposed through retrieval indices, query logs, context construction, or federated updates, while adversarial manipulation of knowledge bases can undermine trust in generated outputs. This survey provides a comprehensive examination of privacy and security challenges across RAG systems deployed in centralized, on-device (Micro-RAG), federated, and hybrid paradigms. We present a unified taxonomy of threat surfaces spanning the retrieval, context construction, and generation stages and systematically analyze attack classes, including membership inference, index inference, poisoning, gradient leakage, and collusion. We further review architectural, algorithmic, and cryptographic defenses, highlighting privacy-utility trade-offs and deployment considerations. Finally, we outline open research challenges toward building trustworthy, secure, and resilient RAG systems for real-world applications.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The manuscript is a survey on security and privacy in Retrieval-Augmented Generation (RAG) systems. It examines risks across centralized, on-device (Micro-RAG), federated, and hybrid deployment paradigms; introduces a unified taxonomy of threat surfaces spanning retrieval, context construction, and generation stages; catalogs attack classes including membership inference, index inference, poisoning, gradient leakage, and collusion; reviews architectural, algorithmic, and cryptographic defenses with attention to privacy-utility trade-offs; and identifies open research challenges for trustworthy RAG systems.
Significance. If the coverage and taxonomy hold, the survey provides a useful organizing framework for an emerging area where RAG adoption introduces privacy and security risks beyond standard LLM threats. Systematizing attacks and defenses across multiple paradigms, along with explicit discussion of deployment considerations, can help researchers identify gaps and practitioners evaluate trade-offs. The work is a literature survey with no original theorems, experiments, or machine-checked proofs.
minor comments (3)
- Abstract: the claim of a 'unified taxonomy' would be strengthened by a brief statement of the criteria used to unify prior taxonomies or by a forward reference to the section where the unification is demonstrated.
- The manuscript would benefit from an explicit table or figure that maps each attack class to the deployment paradigms (centralized, on-device, federated, hybrid) in which it has been studied or is applicable.
- Section headings and subsection numbering should be checked for consistency with the taxonomy stages (retrieval, context construction, generation) to improve navigation.
Simulated Author's Rebuttal
We thank the referee for the positive summary and assessment of our survey, as well as the recommendation for minor revision. No specific major comments were provided in the report, so we have no individual points to address. We remain available to incorporate any minor editorial suggestions if requested.
Circularity Check
No significant circularity
full rationale
This is a literature survey paper with no original derivations, equations, predictions, or formal claims that could reduce to their own inputs. The unified taxonomy and attack/defense catalog are syntheses of external literature across RAG paradigms; the coverage statement is definitional to the survey genre rather than a testable proposition derived from fitted parameters or self-citations. No load-bearing steps match any enumerated circularity pattern.
Axiom & Free-Parameter Ledger
Reference graph
Works this paper leans on
-
[1]
A Comprehensive Overview of Large Language Models.ACM Transactions on Intelligent Systems and Technology, 16(5):1–72, 2025
Humza Naveed, Asad Ullah Khan, Shi Qiu, Muhammad Saqib, Saeed Anwar, Muhammad Usman, Naveed Akhtar, Nick Barnes, and Ajmal Mian. A Comprehensive Overview of Large Language Models.ACM Transactions on Intelligent Systems and Technology, 16(5):1–72, 2025
2025
-
[2]
Large language models: a survey of their development, capabilities, and applications.Knowledge and Information Systems, 67(3):2967–3022, 2025
Yadagiri Annepaka and Partha Pakray. Large language models: a survey of their development, capabilities, and applications.Knowledge and Information Systems, 67(3):2967–3022, 2025
2025
-
[3]
A review of prominent paradigms for LLM-based agents: Tool use, planning (including RAG), and feedback learning
Xinzhe Li. A review of prominent paradigms for LLM-based agents: Tool use, planning (including RAG), and feedback learning. In Owen Rambow, Leo Wanner, Marianna Apidianaki, Hend Al-Khalifa, Barbara Di Eugenio, and Steven Schockaert, editors,Proceedings of the 31st International Conference on Computational Linguistics, pages 9760–9779, Abu Dhabi, UAE, Janu...
2025
-
[4]
Know your RAG: Dataset taxonomy and generation strategies for evaluating RAG systems
Rafael Teixeira de Lima, Shubham Gupta, Cesar Berrospi Ramis, Lokesh Mishra, Michele Dolfi, Peter Staar, and Panagiotis Vagenas. Know your RAG: Dataset taxonomy and generation strategies for evaluating RAG systems. In Owen Rambow, Leo Wanner, Marianna Apidianaki, Hend Al-Khalifa, Barbara Di Eugenio, Steven Schockaert, Kareem Darwish, and Apoorv Agarwal, e...
2025
-
[5]
MeMemo: On-device Retrieval Augmentation for Private and Personalized Text Generation
Zijie J Wang and Duen Horng Chau. MeMemo: On-device Retrieval Augmentation for Private and Personalized Text Generation. InProceedings of the 47th International ACM SIGIR Conference on Research and Development in Information Retrieval, pages 2765–2770, 2024
2024
-
[6]
Val Andrei Fajardo, David B Emerson, Amandeep Singh, Veronica Chatrath, Marcelo Lotif, Ravi Theja, Alex Cheung, and Izuki Matsuba. Fedrag: A framework for fine-tuning retrieval-augmented generation systems.arXiv preprint arXiv:2506.09200, 2025
-
[7]
A Survey on RAG Meeting LLMs: Towards Retrieval-Augmented Large Language Models
Wenqi Fan, Yujuan Ding, Liangbo Ning, Shijie Wang, Hengyun Li, Dawei Yin, Tat-Seng Chua, and Qing Li. A Survey on RAG Meeting LLMs: Towards Retrieval-Augmented Large Language Models. InProceedings of the 30th ACM SIGKDD conference on knowledge discovery and data mining, pages 6491–6501, 2024
2024
-
[8]
Pratik Sharma and Saishab Bhattarai. A Review on Retrieval-Augmented Generation: Architectures, Research Challenges, and Emerging Frontiers.Journal of Future Artificial Intelligence and Technologies, 2(4):616–628, 2026
2026
-
[9]
Yangning Li, Weizhi Zhang, Yuyao Yang, Wei-Chieh Huang, Yaozu Wu, Junyu Luo, Yuanchen Bei, Henry Peng Zou, Xiao Luo, Yusheng Zhao, Chunkit Chan, Yankai Chen, Zhongfen Deng, Yinghui Li, Hai-Tao Zheng, Dongyuan Li, Renhe Jiang, Ming Zhang, Yangqiu Song, and Philip S. Yu. A survey of RAG-reasoning systems in large language models. In Christos Christodoulopou...
2025
-
[10]
CRAG - Comprehensive RAG Benchmark
Xiao Yang, Kai Sun, Hao Xin, Yushi Sun, Nikita Bhalla, Xiangsen Chen, Sajal Choudhary, Rongze Daniel Gui, Ziran Will Jiang, Ziyu Jiang, Lingkun Kong, Brian Moran, Jiaqi Wang, Yifan Ethan Xu, An Yan, Chenyu Yang, Eting Yuan, Hanwen Zha, Nan Tang, Lei Chen, Nicolas Scheffer, Yue Liu, Nirav Shah, Rakesh Wanga, Anuj Kumar, Wen-tau Yih, and Xin Luna Dong. CRAG...
2024
-
[11]
Communication- Efficient Learning of Deep Networks from Decentralized Data
Brendan McMahan, Eider Moore, Daniel Ramage, Seth Hampson, and Blaise Aguera y Arcas. Communication- Efficient Learning of Deep Networks from Decentralized Data. In Aarti Singh and Jerry Zhu, editors,Proceedings of the 20th International Conference on Artificial Intelligence and Statistics, volume 54 ofProceedings of Machine Learning Research, pages 1273–...
2017
-
[12]
Federated Learning: Challenges, Methods, and Future Directions.IEEE Signal Processing Magazine, 37(3):50–60, 2020
Tian Li, Anit Kumar Sahu, Ameet Talwalkar, and Virginia Smith. Federated Learning: Challenges, Methods, and Future Directions.IEEE Signal Processing Magazine, 37(3):50–60, 2020
2020
-
[13]
Nguyen, Ming Ding, Pubudu N
Dinh C. Nguyen, Ming Ding, Pubudu N. Pathirana, Aruna Seneviratne, Jun Li, and H. Vincent Poor. Federated Learning for Internet of Things: A Comprehensive Survey.IEEE Communications Surveys & Tutorials, 23(3):1622–1658, 2021
2021
-
[14]
Sybil-aware adaptive defence framework for robust federated learning.Pervasive and Mobile Computing, page 102157, 2025
Dnyanesh Khedekar, Tanmaya Mahapatra, and Amitesh Singh Rajput. Sybil-aware adaptive defence framework for robust federated learning.Pervasive and Mobile Computing, page 102157, 2025
2025
-
[15]
Efficient Federated Search for Retrieval-Augmented Generation
Rachid Guerraoui, Anne-Marie Kermarrec, Diana Petrescu, Rafael Pires, Mathis Randl, and Martijn de V os. Efficient Federated Search for Retrieval-Augmented Generation. InProceedings of the 5th Workshop on Machine Learning and Systems, pages 74–81, 2025. 22 APREPRINT- JUNE25, 2026
2025
-
[16]
Adversarial Attacks on Large Language Models: A Survey
Meera Al Kuwaiti and Heba Ismail. Adversarial Attacks on Large Language Models: A Survey. InProceedings of Eighth International Conference on Information System Design and Intelligent Applications, pages 529–547. Springer, 2025
2025
-
[17]
Hanbin Hong, Shuya Feng, Nima Naderloui, Shenao Yan, Jingyu Zhang, Biying Liu, Ali Arastehfard, Heqing Huang, and Yuan Hong. SoK: Taxonomy and Evaluation of Prompt Security in Large Language Models.arXiv preprint arXiv:2510.15476, 2025
work page internal anchor Pith review arXiv 2025
-
[18]
The good and the bad: Exploring privacy issues in retrieval-augmented generation (RAG)
Shenglai Zeng, Jiankun Zhang, Pengfei He, Yiding Liu, Yue Xing, Han Xu, Jie Ren, Yi Chang, Shuaiqiang Wang, Dawei Yin, and Jiliang Tang. The good and the bad: Exploring privacy issues in retrieval-augmented generation (RAG). In Lun-Wei Ku, Andre Martins, and Vivek Srikumar, editors,Findings of the Association for Computational Linguistics: ACL 2024, pages...
2024
-
[19]
Surveying the RAG Attack Surface and Defenses: Protecting Sensitive Company Data
Lynn V onderhaar, Daniel Machado, and Omar Ochoa. Surveying the RAG Attack Surface and Defenses: Protecting Sensitive Company Data. In2025 IEEE International Conference on Artificial Intelligence Testing (AITest), pages 69–76, 2025
2025
-
[20]
SafeRAG: Benchmarking security in retrieval-augmented generation of large language model
Xun Liang, Simin Niu, Zhiyu Li, Sensen Zhang, Hanyu Wang, Feiyu Xiong, Zhaoxin Fan, Bo Tang, Jihao Zhao, Jiawei Yang, Shichao Song, and Mengwei Wang. SafeRAG: Benchmarking security in retrieval-augmented generation of large language model. In Wanxiang Che, Joyce Nabende, Ekaterina Shutova, and Mohammad Taher Pilehvar, editors,Proceedings of the 63rd Annua...
2025
-
[21]
Retrieval-Augmented Generation: A Survey of Security Challenges and Countermeasures
Chao Wang, Haonan Li, Weijian Song, and Yiyang Lin. Retrieval-Augmented Generation: A Survey of Security Challenges and Countermeasures. In2025 11th IEEE International Conference on Privacy Computing and Data Security (PCDS), pages 210–217, 2025
2025
-
[22]
{PoisonedRAG}: Knowledge corruption attacks to {Retrieval-Augmented} generation of large language models
Wei Zou, Runpeng Geng, Binghui Wang, and Jinyuan Jia. {PoisonedRAG}: Knowledge corruption attacks to {Retrieval-Augmented} generation of large language models. In34th USENIX Security Symposium (USENIX Security 25), pages 3827–3844, 2025
2025
-
[23]
Traceback of Poisoning Attacks to Retrieval-Augmented Generation
Baolei Zhang, Haoran Xin, Minghong Fang, Zhuqing Liu, Biao Yi, Tong Li, and Zheli Liu. Traceback of Poisoning Attacks to Retrieval-Augmented Generation. InProceedings of the ACM on Web Conference 2025, pages 2085–2097, 2025
2025
-
[24]
Jiaqi Xue, Mengxin Zheng, Yebowen Hu, Fei Liu, Xun Chen, and Qian Lou. BadRAG: Identifying Vulnerabilities in Retrieval Augmented Generation of Large Language Models.arXiv preprint arXiv:2406.00083, 2024
-
[25]
Luan, Siran Wang, and Yuntao Wang
Yuan Chang, Tom H. Luan, Siran Wang, and Yuntao Wang. SafeRAG: Secure Cloud-Based Retrieval-Augmented Generation for LLM-Empowered V oice Assistants.IEEE Transactions on Network Science and Engineering, 13:6211–6224, 2026
2026
-
[26]
Privacy-Aware RAG-Enabled LLMs for Collaborative AI in Organizations
Georgios Fragkos, Bradley Marx, Sasha Safonov, Robert Manley, Winnie Patta, and Shelby Hiens. Privacy-Aware RAG-Enabled LLMs for Collaborative AI in Organizations. In2025 Cyber Awareness and Research Symposium (CARS), pages 1–8, 2025
2025
-
[27]
Trusted Execution Environments: Properties, Applications, and Challenges.IEEE Security & Privacy, 18(2):56–60, 2020
Patrick Jauernig, Ahmad-Reza Sadeghi, and Emmanuel Stapf. Trusted Execution Environments: Properties, Applications, and Challenges.IEEE Security & Privacy, 18(2):56–60, 2020
2020
-
[28]
Ai on the edge: a comprehensive review
Weixing Su, Linfeng Li, Fang Liu, Maowei He, and Xiaodan Liang. Ai on the edge: a comprehensive review. Artificial Intelligence Review, 55(8):6125–6183, 2022
2022
-
[29]
A Survey of AI Inference Technologies for On-Device Systems.IEEE Internet of Things Journal, 12(24):51927–51950, 2025
Wenzhu Wang, Ke Li, Bin Ji, Xiaodong Liu, Jie Yu, and Qingbo Wu. A Survey of AI Inference Technologies for On-Device Systems.IEEE Internet of Things Journal, 12(24):51927–51950, 2025
2025
-
[30]
Towards On-device Personalization: Cloud-device Collaborative Data Augmentation for Efficient On-device Language Model.ACM Transactions on Intelligent Systems and Technology, 2025
Zhaofeng Zhong, Wei Yuan, Liang Qu, Tong Chen, Hao Wang, Xiangyu Zhao, and Hongzhi Yin. Towards On-device Personalization: Cloud-device Collaborative Data Augmentation for Efficient On-device Language Model.ACM Transactions on Intelligent Systems and Technology, 2025
2025
-
[31]
Bo Ni, Zheyuan Liu, Leyao Wang, Yongjia Lei, Yuying Zhao, Xueqi Cheng, Qingkai Zeng, Luna Dong, Yinglong Xia, Krishnaram Kenthapadi, et al. Towards Trustworthy Retrieval Augmented Generation for Large Language Models: A Survey.arXiv preprint arXiv:2502.06872, 2025
-
[32]
Federated retrieval-augmented generation: A systematic mapping study
Abhijit Chakraborty, Chahana Dahal, and Vivek Gupta. Federated retrieval-augmented generation: A systematic mapping study. In Christos Christodoulopoulos, Tanmoy Chakraborty, Carolyn Rose, and Violet Peng, editors, Findings of the Association for Computational Linguistics: EMNLP 2025, pages 7362–7374, Suzhou, China, November 2025. Association for Computat...
2025
-
[33]
Chien Van Nguyen, Xuan Shen, Ryan Aponte, Yu Xia, Samyadeep Basu, Zhengmian Hu, Jian Chen, Mihir Parmar, Sasidhar Kunapuli, Joe Barrow3, Junda Wu, Ashish Singh, Yu Wang, Jiuxiang Gu, Nesreen K. Ahmed, Nedim Lipka, Ruiyi Zhang, Xiang Chen, Tong Yu, Sungchul Kim, Hanieh Deilamsalehy, Namyong Park, Michael Rimer, Zhehao Zhang, Huanrui Yang, Puneet Mathur, Ga...
2025
-
[34]
The Language Model Revolution: LLM and SLM Analysis
Zeynep Örpek, Bü¸ sra Tural, and Zeynep Destan. The Language Model Revolution: LLM and SLM Analysis. In 2024 8th International Artificial Intelligence and Data Processing Symposium (IDAP), pages 1–4, 2024
2024
-
[35]
Edge ai: A comprehensive survey of technologies, applications, and challenges
Vasuki Shankar. Edge ai: A comprehensive survey of technologies, applications, and challenges. In2024 1st International Conference on Advanced Computing and Emerging Technologies (ACET), pages 1–6, 2024
2024
-
[36]
Federated Learning and RAG Integration: A Scalable Approach for Medical Large Language Models
Jincheol Jung, Hongju Jeong, and Eui-Nam Huh. Federated Learning and RAG Integration: A Scalable Approach for Medical Large Language Models. In2025 International Conference on Artificial Intelligence in Information and Communication (ICAIIC), pages 0968–0973, 2025
2025
-
[37]
A Survey of Retrieval-Augmented Generation (RAG) for Large Language Models
Yusong Ma, Hongxuan Nie, Chao Chen, Jiujie Zhang, Jiali Jiang, Bisheng Wang, and Yuqin Xia. A Survey of Retrieval-Augmented Generation (RAG) for Large Language Models. In2025 International Conference on Trustworthy Big Data and Artificial Intelligence (ICTBAI), pages 7–13, 2025
2025
-
[38]
Graph-Based Approaches and Functionalities in Retrieval-Augmented Generation: A Comprehensive Survey.ACM Computing Surveys, 2025
Zulun Zhu, Tiancheng Huang, Kai Wang, Junda Ye, Xinghe Chen, and Siqiang Luo. Graph-Based Approaches and Functionalities in Retrieval-Augmented Generation: A Comprehensive Survey.ACM Computing Surveys, 2025
2025
-
[39]
Andrew Brown, Muhammad Roman, and Barry Devereux. A systematic literature review of retrieval-augmented generation: Techniques, metrics, and challenges.arXiv preprint arXiv:2508.06401, 2025
-
[40]
Cody Clop and Yannick Teglia. Backdoored Retrievers for Prompt Injection Attacks on Retrieval Augmented Generation of Large Language Models.arXiv preprint arXiv:2410.14479, 2024
-
[41]
Saidakhror Gulyamov, Said Gulyamov, Andrey Rodionov, Rustam Khursanov, Kambariddin Mekhmonov, Djakhongir Babaev, and Akmaljon Rakhimjonov. Prompt injection attacks in large language models and ai agent systems: A comprehensive review of vulnerabilities, attack vectors, and defense mechanisms.Information, 17(1):54, 2026
2026
-
[42]
The Hidden Threat in Plain Text: Attacking RAG Data Loaders
Alberto Castagnaro, Umberto Salviati, Mauro Conti, Luca Pajola, and Simeone Pizzi. The Hidden Threat in Plain Text: Attacking RAG Data Loaders. InProceedings of the 18th ACM Workshop on Artificial Intelligence and Security, pages 170–181, 2025
2025
-
[43]
RAG LLMs are not safer: A safety analysis of retrieval-augmented generation for large language models
Bang An, Shiyue Zhang, and Mark Dredze. RAG LLMs are not safer: A safety analysis of retrieval-augmented generation for large language models. In Luis Chiruzzo, Alan Ritter, and Lu Wang, editors,Proceedings of the 2025 Conference of the Nations of the Americas Chapter of the Association for Computational Linguistics: Human Language Technologies (Volume 1:...
2025
-
[45]
Alignment faking in large language models
Ryan Greenblatt, Carson Denison, Benjamin Wright, Fabien Roger, Monte MacDiarmid, Sam Marks, Johannes Treutlein, Tim Belonax, Jack Chen, David Duvenaud, et al. ALIGNMENT FAKING IN LARGE LANGUAGE MODELS.arXiv preprint arXiv:2412.14093, 2024
work page internal anchor Pith review Pith/arXiv arXiv 2024
-
[46]
Visual contextual attack: Jailbreaking MLLMs with image-driven context injection
Miao Ziqi, Yi Ding, Lijun Li, and Jing Shao. Visual contextual attack: Jailbreaking MLLMs with image-driven context injection. In Christos Christodoulopoulos, Tanmoy Chakraborty, Carolyn Rose, and Violet Peng, editors, Proceedings of the 2025 Conference on Empirical Methods in Natural Language Processing, pages 9627–9644, Suzhou, China, November 2025. Ass...
2025
-
[47]
Shaping the safety boundaries: Understanding and defending against jailbreaks in large language models
Lang Gao, Jiahui Geng, Xiangliang Zhang, Preslav Nakov, and Xiuying Chen. Shaping the safety boundaries: Understanding and defending against jailbreaks in large language models. In Wanxiang Che, Joyce Nabende, Ekaterina Shutova, and Mohammad Taher Pilehvar, editors,Proceedings of the 63rd Annual Meeting of the Association for Computational Linguistics (Vo...
-
[48]
Association for Computational Linguistics
-
[49]
Retrieval Poisoning Attacks Based on Prompt Injections into Retrieval-Augmented Generation Systems that Store Generated Responses
Yegor Anichkov, Victor Popov, and Sergey Bolovtsov. Retrieval Poisoning Attacks Based on Prompt Injections into Retrieval-Augmented Generation Systems that Store Generated Responses. InInternational Conference on Distributed Computer and Communication Networks, pages 417–429. Springer, 2024
2024
-
[50]
Guangyu Yang, Jinghong Chen, Jingbiao Mei, Weizhe Lin, and Bill Byrne. Retrieval-augmented defense: Adaptive and controllable jailbreak prevention for large language models.arXiv preprint arXiv:2508.16406, 2025. 24 APREPRINT- JUNE25, 2026
-
[51]
LatentPoison - Adversarial Attacks On The Latent Space
Antonia Creswell, Anil A Bharath, and Biswa Sengupta. LatentPoison - Adversarial Attacks On The Latent Space.arXiv preprint arXiv:1711.02879, 2017
work page internal anchor Pith review Pith/arXiv arXiv 2017
-
[52]
Black-box Adversarial Attacks against Dense Retrieval Models: A Multi-view Contrastive Learning Method
Yu-An Liu, Ruqing Zhang, Jiafeng Guo, Maarten de Rijke, Wei Chen, Yixing Fan, and Xueqi Cheng. Black-box Adversarial Attacks against Dense Retrieval Models: A Multi-view Contrastive Learning Method. InProceedings of the 32nd ACM International Conference on Information and Knowledge Management, pages 1647–1656, 2023
2023
-
[53]
Mask-based Membership Inference Attacks for Retrieval- Augmented Generation
Mingrui Liu, Sixiao Zhang, and Cheng Long. Mask-based Membership Inference Attacks for Retrieval- Augmented Generation. InProceedings of the ACM on Web Conference 2025, pages 2894–2907, 2025
2025
-
[54]
Flippedrag: Black-box opinion manipulation adversarial attacks to retrieval-augmented generation models
Zhuo Chen, Yuyang Gong, Jiawei Liu, Miaokun Chen, Haotan Liu, Qikai Cheng, Fan Zhang, Wei Lu, and Xi- aozhong Liu. Flippedrag: Black-box opinion manipulation adversarial attacks to retrieval-augmented generation models. InProceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security, pages 4109–4123, 2025
2025
-
[55]
Membership Inference Attacks Against Machine Learning Models
Reza Shokri, Marco Stronati, Congzheng Song, and Vitaly Shmatikov. Membership Inference Attacks Against Machine Learning Models. In2017 IEEE Symposium on Security and Privacy (SP), pages 3–18, 2017
2017
-
[56]
Baolei Zhang, Yuxi Chen, Zhuqing Liu, Lihai Nie, Tong Li, Zheli Liu, and Minghong Fang. Practical Poisoning Attacks against Retrieval-Augmented Generation.arXiv preprint arXiv:2504.03957, 2025
-
[57]
Drift Detection in Text Data with Document Embeddings
Robert Feldhans, Adrian Wilke, Stefan Heindorf, Mohammad Hossein Shaker, Barbara Hammer, Axel-Cyrille Ngonga Ngomo, and Eyke Hüllermeier. Drift Detection in Text Data with Document Embeddings. InIn- ternational Conference on Intelligent Data Engineering and Automated Learning, pages 107–118. Springer, 2021
2021
-
[58]
Enhancing adversarial resilience in semantic caching for secure retrieval augmented generation systems.Scientific Reports, 16(1):5936, 2026
Mohanad Afiffy, Mohamed Waleed Fakhr, and Fahima A Maghraby. Enhancing adversarial resilience in semantic caching for secure retrieval augmented generation systems.Scientific Reports, 16(1):5936, 2026
2026
-
[59]
Jinyan Su, Jin Peng Zhou, Zhengxin Zhang, Preslav Nakov, and Claire Cardie. Towards More Robust Retrieval- Augmented Generation: Evaluating RAG Under Adversarial Poisoning Attacks.arXiv preprint arXiv:2412.16708, 2024
-
[60]
Jerry Wang and Fang Yu. DeRAG: Black-box Adversarial Attacks on Multiple Retrieval-Augmented Generation Applications via Prompt Injection.arXiv preprint arXiv:2507.15042, 2025
-
[61]
Liu, Kevin Lin, John Hewitt, Ashwin Paranjape, Michele Bevilacqua, Fabio Petroni, and Percy Liang
Nelson F. Liu, Kevin Lin, John Hewitt, Ashwin Paranjape, Michele Bevilacqua, Fabio Petroni, and Percy Liang. Lost in the middle: How language models use long contexts.Transactions of the Association for Computational Linguistics, 12:157–173, 2024
2024
-
[62]
Out-of-context and out-of-scope: Manip- ulating large language models through minimal instruction set modifications.PLoS One, 21(2):e0341558, 2026
Monty-Maximilian Zühlke, Daniel Kudenko, and Wolfgang Nejdl. Out-of-context and out-of-scope: Manip- ulating large language models through minimal instruction set modifications.PLoS One, 21(2):e0341558, 2026
2026
-
[63]
Chi, Nathanael Schärli, and Denny Zhou
Freda Shi, Xinyun Chen, Kanishka Misra, Nathan Scales, David Dohan, Ed H. Chi, Nathanael Schärli, and Denny Zhou. Large Language Models Can Be Easily Distracted by Irrelevant Context. In Andreas Krause, Emma Brunskill, Kyunghyun Cho, Barbara Engelhardt, Sivan Sabato, and Jonathan Scarlett, editors,Proceedings of the 40th International Conference on Machin...
2023
-
[64]
Knowledge conflicts for LLMs: A survey
Rongwu Xu, Zehan Qi, Zhijiang Guo, Cunxiang Wang, Hongru Wang, Yue Zhang, and Wei Xu. Knowledge conflicts for LLMs: A survey. In Yaser Al-Onaizan, Mohit Bansal, and Yun-Nung Chen, editors,Proceedings of the 2024 Conference on Empirical Methods in Natural Language Processing, pages 8541–8565, Miami, Florida, USA, November 2024. Association for Computationa...
2024
-
[65]
When not to trust language models: Investigating effectiveness of parametric and non-parametric memories
Alex Mallen, Akari Asai, Victor Zhong, Rajarshi Das, Daniel Khashabi, and Hannaneh Hajishirzi. When not to trust language models: Investigating effectiveness of parametric and non-parametric memories. In Anna Rogers, Jordan Boyd-Graber, and Naoaki Okazaki, editors,Proceedings of the 61st Annual Meeting of the Association for Computational Linguistics (Vol...
2023
-
[66]
Adversarial and Multilingual Threats in Retrieval-Augmented Generation: From Prompt Injection to Model Exploitation
Basma ElSaify and Mohamed Baderelden. Adversarial and Multilingual Threats in Retrieval-Augmented Generation: From Prompt Injection to Model Exploitation. In2025 2nd International Generative AI and Computational Language Modelling Conference (GACLM), pages 155–162, 2025
2025
-
[67]
Enhancing noise robustness of retrieval-augmented language models with adaptive adversarial training
Feiteng Fang, Yuelin Bai, Shiwen Ni, Min Yang, Xiaojun Chen, and Ruifeng Xu. Enhancing noise robustness of retrieval-augmented language models with adaptive adversarial training. In Lun-Wei Ku, Andre Martins, and Vivek Srikumar, editors,Proceedings of the 62nd Annual Meeting of the Association for Computational 25 APREPRINT- JUNE25, 2026 Linguistics (Volu...
2026
-
[68]
Information Leakage in Embedding Models
Congzheng Song and Ananth Raghunathan. Information Leakage in Embedding Models. InProceedings of the 2020 ACM SIGSAC conference on computer and communications security, pages 377–390, 2020
2020
-
[69]
Reverse engineering convolutional neural networks through side-channel information leaks
Weizhe Hua, Zhiru Zhang, and G Edward Suh. Reverse engineering convolutional neural networks through side-channel information leaks. InProceedings of the 55th Annual Design Automation Conference, pages 1–6, 2018
2018
-
[70]
Deep learning model inversion attacks and defenses: a comprehensive survey.Artificial Intelligence Review, 58(8):242, 2025
Wencheng Yang, Song Wang, Di Wu, Taotao Cai, Yanming Zhu, Shicheng Wei, Yiying Zhang, Xu Yang, Zhaohui Tang, and Yan Li. Deep learning model inversion attacks and defenses: a comprehensive survey.Artificial Intelligence Review, 58(8):242, 2025
2025
-
[71]
Federated retrieval augmented generation for multi-product question answering
Parshin Shojaee, Sai Sree Harsha, Dan Luo, Akash Maharaj, Tong Yu, and Yunyao Li. Federated retrieval augmented generation for multi-product question answering. In Owen Rambow, Leo Wanner, Marianna Apidianaki, Hend Al-Khalifa, Barbara Di Eugenio, Steven Schockaert, Kareem Darwish, and Apoorv Agarwal, editors,Proceedings of the 31st International Conferenc...
2025
-
[72]
The Limitations of Federated Learning in Sybil Settings
Clement Fung, Chris JM Yoon, and Ivan Beschastnikh. The Limitations of Federated Learning in Sybil Settings. In23rd International symposium on research in attacks, intrusions and defenses (RAID 2020), pages 301–316, 2020
2020
-
[73]
Federated Retrieval- Augmented Generation-Based LLM for Enhanced Cyber Threat Detection in the Internet-of-Energy.IEEE Network, 40(1):13–19, 2026
Tianxing Fu, Jia Hu, Geyong Min, Sunder Ali Khowaja, Keshav Singh, and Kapal Dev. Federated Retrieval- Augmented Generation-Based LLM for Enhanced Cyber Threat Detection in the Internet-of-Energy.IEEE Network, 40(1):13–19, 2026
2026
-
[74]
Sybil Attacks and Defense on Differential Privacy based Federated Learning
Yupeng Jiang, Yong Li, Yipeng Zhou, and Xi Zheng. Sybil Attacks and Defense on Differential Privacy based Federated Learning. In2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pages 355–362, 2021
2021
-
[75]
A Survey of Federated Learning: Advances in Architecture, Synchronization, and Security Threats.Computers, Materials & Continua, 86(3), 2026
Faisal Mahmud, Fahim Mahmud, and Rashedur M Rahman. A Survey of Federated Learning: Advances in Architecture, Synchronization, and Security Threats.Computers, Materials & Continua, 86(3), 2026
2026
-
[76]
Privacy protection in RAG: A novel method and evaluation framework.Information Processing & Management, 63(3):104505, 2026
Yuan Zhang, Jionghan Wu, Rui Li, Tong Zhang, Yujie Song, Chuanyi Li, Shangqi Wang, Hao Shen, Jiao Yin, Jidong Ge, and Bin Luo. Privacy protection in RAG: A novel method and evaluation framework.Information Processing & Management, 63(3):104505, 2026
2026
-
[77]
Efficient Byzantine-Robust and Privacy-Preserving Federated Learning on Compressive Domain.IEEE Internet of Things Journal, 11(4):7116–7127, 2024
Guiqiang Hu, Hongwei Li, Wenshu Fan, and Yushu Zhang. Efficient Byzantine-Robust and Privacy-Preserving Federated Learning on Compressive Domain.IEEE Internet of Things Journal, 11(4):7116–7127, 2024
2024
-
[78]
Fali Wang, Zhiwei Zhang, Xianren Zhang, Zongyu Wu, Tzuhao Mo, Qiuhao Lu, Wanjing Wang, Rui Li, Junjie Xu, Xianfeng Tang, et al. A Comprehensive Survey of Small Language Models in the Era of Large Language Models: Techniques, Enhancements, Applications, Collaboration with LLMs, and Trustworthiness.ACM Transactions on Intelligent Systems and Technology, 16(...
2025
-
[79]
RAG-Guardrails Integration for AI Content Control
Rakesh More. RAG-Guardrails Integration for AI Content Control. InProceedings of the 2025 18th International Conference on Computer Science and Information Technology, pages 260–268, 2025
2025
-
[80]
Innovative Guardrails for Generative AI: Designing an Intelligent Filter for Safe and Responsible LLM Deployment.Applied Sciences, 15(13):7298, 2025
Olga Shvetsova, Danila Katalshov, and Sang-Kon Lee. Innovative Guardrails for Generative AI: Designing an Intelligent Filter for Safe and Responsible LLM Deployment.Applied Sciences, 15(13):7298, 2025
2025
-
[81]
Guardrails for Large Language Models: A Review of Techniques and Challenges.J Artif Intell Mach Learn & Data Sci, 3(1):2504–2512, 2025
Syed Arham Akheel. Guardrails for Large Language Models: A Review of Techniques and Challenges.J Artif Intell Mach Learn & Data Sci, 3(1):2504–2512, 2025
2025
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.