Bibliographic Details
Main Authors: Xu, Yuming, Zhang, Mingtao, Ge, Zhuohan, Li, Haoyang, Hu, Nicole, Zhang, Yongqi, Wen, Zhiyuan, Zhang, Jason Chen, Li, Qing, Chen, Lei
Format: Preprint
Published: 2026
Online Access:https://arxiv.org/abs/2604.08304
contents Retrieval-augmented generation (RAG) extends large language models (LLMs) with external knowledge, but this access path also introduces security risks that existing work often conflates with inherent LLM flaws. We frame secure RAG as securing external knowledge access and organize the literature with SLOT, a taxonomy along four axes: the attack Surface (S) where an adversary acts, the defense Layer (L) that controls the same point, the Objective (O) it breaks following the CIA properties, and the Target (T) it pursues, from a single known query (T1) to target-claim manipulation across a query distribution (T2). Mapping attacks, defenses, remediation, and evaluation onto a six-stage knowledge-access pipeline, we expose two structural mismatches. Finally, we discuss directions for more realistic targets, no-blind-spot and adaptively evaluated defenses, stronger confidentiality, and evaluation for multimodal and agentic RAG.
institution arXiv
title Securing Retrieval-Augmented Generation: A Taxonomy of Attacks, Defenses, and Future Directions
topic Cryptography and Security
Artificial Intelligence