Salvato in:
Dettagli Bibliografici
Autori principali: Di Maio, Christian, Cosci, Cristian, Maggini, Marco, Poggioni, Valentina, Melacci, Stefano
Natura: Preprint
Pubblicazione: 2024
Soggetti:
Accesso online:https://arxiv.org/abs/2412.18295
Tags: Aggiungi Tag
Nessun Tag, puoi essere il primo ad aggiungerne!!
_version_ 1866913628589916160
author Di Maio, Christian
Cosci, Cristian
Maggini, Marco
Poggioni, Valentina
Melacci, Stefano
author_facet Di Maio, Christian
Cosci, Cristian
Maggini, Marco
Poggioni, Valentina
Melacci, Stefano
contents The growing ubiquity of Retrieval-Augmented Generation (RAG) systems in several real-world services triggers severe concerns about their security. A RAG system improves the generative capabilities of a Large Language Models (LLM) by a retrieval mechanism which operates on a private knowledge base, whose unintended exposure could lead to severe consequences, including breaches of private and sensitive information. This paper presents a black-box attack to force a RAG system to leak its private knowledge base which, differently from existing approaches, is adaptive and automatic. A relevance-based mechanism and an attacker-side open-source LLM favor the generation of effective queries to leak most of the (hidden) knowledge base. Extensive experimentation proves the quality of the proposed algorithm in different RAG pipelines and domains, comparing to very recent related approaches, which turn out to be either not fully black-box, not adaptive, or not based on open-source models. The findings from our study remark the urgent need for more robust privacy safeguards in the design and deployment of RAG systems.
format Preprint
id arxiv_https___arxiv_org_abs_2412_18295
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Pirates of the RAG: Adaptively Attacking LLMs to Leak Knowledge Bases
Di Maio, Christian
Cosci, Cristian
Maggini, Marco
Poggioni, Valentina
Melacci, Stefano
Artificial Intelligence
The growing ubiquity of Retrieval-Augmented Generation (RAG) systems in several real-world services triggers severe concerns about their security. A RAG system improves the generative capabilities of a Large Language Models (LLM) by a retrieval mechanism which operates on a private knowledge base, whose unintended exposure could lead to severe consequences, including breaches of private and sensitive information. This paper presents a black-box attack to force a RAG system to leak its private knowledge base which, differently from existing approaches, is adaptive and automatic. A relevance-based mechanism and an attacker-side open-source LLM favor the generation of effective queries to leak most of the (hidden) knowledge base. Extensive experimentation proves the quality of the proposed algorithm in different RAG pipelines and domains, comparing to very recent related approaches, which turn out to be either not fully black-box, not adaptive, or not based on open-source models. The findings from our study remark the urgent need for more robust privacy safeguards in the design and deployment of RAG systems.
title Pirates of the RAG: Adaptively Attacking LLMs to Leak Knowledge Bases
topic Artificial Intelligence
url https://arxiv.org/abs/2412.18295