Gather RAG-Indexed Targets

Type: technique

Description: Adversaries may identify data sources used in retrieval augmented generation (RAG) systems for targeting purposes. By pinpointing these sources, attackers can focus on poisoning or otherwise manipulating the external data repositories the AI relies on. RAG-indexed data may be identified in public documentation about the system, or by interacting with the system directly and observing any indications of or references to external data sources.

Version: 0.1.0

Created At: 2025-03-04 10:27:40 -0500

Last Modified At: 2025-03-04 10:27:40 -0500

External References

--> Reconnaissance (tactic): An adversary could gather intelligence about GenAI systems to find vulnerabilities related to external data sources it uses and perform subsequent attacks that exploit these dependencies, such as data poisoning or indirect prompt injections.

GenAI Attacks Matrix

Gather RAG-Indexed Targets

External References

Related Objects

Related Frameworks