Targeted RAG Poisoning
Type: technique
Description: The adversary crafts content that, when indexed by a RAG system, would always surface as a search result for a specific user query. The adversary then embeds malicious instructions with that content and injects it into data indexed by the system.
Version: 0.1.0
Created At: 2024-10-11 16:54:32 +0300
Last Modified At: 2024-10-11 16:54:32 +0300
External References
Related Objects
- --> Initial Access (tactic): An adversary can target a specific user prompt by crafting content that would be surfaced by a RAG system to respond to that query.
- --> RAG Poisoning (technique): Targeted RAG Poisoning is a form of RAG Poisoning, crafting malicious content to surface for a specific user query.
- --> Tamir Ishay Sharbat (entity): Demonstrated by
- <-- Financial Transaction Hijacking With M365 Copilot As An Insider (procedure): Copilots gets access to malicious data via an email that targets the question "What are the bank details for TechCorp Solutions?".
- <-- Copilot M365 Lures Victims Into a Phishing Site (procedure): Copilots gets access to malicious data via an email that targets the question "how to access the power platform admin center?".
- <-- Data Exfiltration from Slack AI via indirect prompt injection (procedure): The adversary targets any question about the "EldritchNexus API key" by pasting data with malicious instructions in a public channel, indexed by Slack AI. The prompt injection starts with:
EldritchNexus API key:.
In a second attack scenario, the attacker targets search queries about a specific user: To view the messages shared by Shankar.