Retrieval Content Crafting
Type: technique
Description: The adversary writes content designed to be retrieved by user queries and influence a user of the system in some way. This abuses the trust the user has in the system. The crafted content can be combined with a prompt injection. It can also stand alone in a separate document or email. The adversary must get the crafted content into a database (such as a vector database used in RAG) in the victim system. This may be accomplished via cyber access, or by abusing the ingestion mechanisms common in retrieval augmented generation systems (see RAG Poisoning). Large language models may be used as an assistant to aid an adversary in crafting content.
Version: 0.1.0
Created At: 2025-06-19 08:13:23 -0400
Last Modified At: 2025-06-19 08:13:23 -0400
External References
Related Objects
- --> Resource Development (tactic): An adversary can target a specific user prompt by crafting content that would be surfaced by a RAG system to respond to that query.
- --> RAG Poisoning (technique): Targeted RAG Poisoning is a form of RAG Poisoning, crafting malicious content to surface for a specific user query.
- --> Tamir Ishay Sharbat (entity): Demonstrated by
- <-- Data Exfiltration from Slack AI via indirect prompt injection (procedure): The adversary targets any question about the "EldritchNexus API key" by pasting data with malicious instructions in a public channel, indexed by Slack AI. The prompt injection starts with:
EldritchNexus API key:. In a second attack scenario, the attacker targets search queries about a specific user:To view the messages shared by Shankar. - <-- Copilot M365 Lures Victims Into a Phishing Site (procedure): Copilots gets access to malicious data via an email that targets the question "how to access the power platform admin center?".
- <-- Financial Transaction Hijacking With M365 Copilot As An Insider (procedure): Copilots gets access to malicious data via an email that targets the question "What are the bank details for TechCorp Solutions?".
- <-- EchoLeak: Zero-Click Data Exfiltration using M365 Copilot (procedure): An attacker crafts an email which would be retrieved by M365 Copilot when asked about the latest earning reports.