
Practitioner · 15–25 min

RAG Security Lab

Paste a RAG pipeline configuration and scan it for authorization gaps, tenant isolation failures, stale permission risks, and document poisoning vectors. Six rule categories with deterministic analysis — no LLM calls.

Learning objectives

  • Understand the difference between ingest-time and query-time authorization — and why the gap is exploitable
  • Recognize tenant isolation failures that allow one user's retrieval to surface another's data
  • Learn what over-retrieval looks like in a config and why it expands the injection surface
  • Identify document poisoning risk vectors through corpus provenance analysis

Rule categories

Retrieval AuthZ

Missing query-time authorization enforcement

Tenant Isolation

Cross-tenant retrieval boundary failures

Data Protection

Unencrypted or unredacted sensitive data in corpus

Over-retrieval

Excessive context window stuffing and scope creep

Document Poisoning

Untrusted corpus provenance and injection vectors

Provenance

Missing source attribution and freshness controls

Reading materials

AIPSA Handbook · Ch 5

Chapter 5 — RAG Authorization

Authorization across ingest and query layers, tenant isolation, cross-tenant leakage vectors, document poisoning, and retrieval auditability.

3.4 MB

AIPSA Handbook · Ch 7

Chapter 7 — Data Exposure and Privacy

PII in prompt and retrieval context, cross-tenant data leakage, training data exposure, prompt log privacy, data minimization, and retention controls.

2.2 MB

AIPSA Field Guide · Ch 4

RAG Security

RAG authorization, cross-tenant leakage, vector database exposure, document poisoning, citation trust, and retrieval auditability.

~2 MB

AIPSA Field Guide · Ch 9

Privacy and Data Protection in AI Systems

Customer data usage, training policy, retention, prompt/log privacy, PII redaction, data minimization, data residency, and privacy controls for AI systems.

~2 MB

Mythos Report · Ch 11

RAG and Context Systems Are Data Security Systems

The argument that retrieval systems must be governed as data access control systems — not just prompt augmentation layers — with all the authorization implications that follow.

~1 MB

Interactive tool

Pipeline configuration

Pipeline

Name

Owner

Description

Environment

Retrieval Policy

Authorization-aware

Retrieval filters enforce user/tenant permissions

Tenant-scoped

Retrieval is scoped to the requesting tenant

Metadata filtering

Metadata fields constrain vector search

Source trust filtering

Filters out untrusted or unverified sources

Provenance required

Retrieved chunks carry origin metadata

Max chunks

Staleness policy

Vector Store

Provider

Index / collection name

Tenant isolation mode

Access control mode

Metadata filter fields

Comma-separated field names used in authZ filters

Encryption at rest

Stores sensitive data

Stores customer data
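To make the six rule categories and the configuration fields above concrete, here is an added example of a deterministic scanner over a configuration shaped like the form. It is not the lab's own rule engine: the snake_cased keys mirror the form labels, but the rules, the severity levels, the `MAX_CHUNKS_THRESHOLD` value, the permission-bearing field names (`owner`, `acl`, `allowed_groups`) and the sample configuration are all assumptions made for illustration. The sample is deliberately weak so that every category fires, and `hardened_copy` shows the corrected settings beside it.

```python
from __future__ import annotations
import copy
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str   # one of the six rule categories listed on the page
    severity: str   # assumed scale: "high" | "medium" | "low"
    message: str


# Constructed sample configuration (not a real pipeline). Keys mirror the
# lab's form fields; the values are chosen so that each rule category fires.
SAMPLE_CONFIG = {
    "pipeline": {"name": "support-kb-rag", "owner": "platform-team",
                 "environment": "production"},
    "retrieval_policy": {
        "authorization_aware": True,
        "tenant_scoped": False,
        "metadata_filtering": True,
        "source_trust_filtering": False,
        "provenance_required": False,
        "max_chunks": 40,
        "staleness_policy": None,
    },
    "vector_store": {
        "provider": "example-vector-db",          # placeholder provider name
        "index_name": "support-kb",
        "tenant_isolation_mode": "shared-index",  # assumed mode value
        "access_control_mode": "ingest-time",     # assumed mode value
        "metadata_filter_fields": ["doc_type", "product"],
        "encryption_at_rest": False,
        "stores_sensitive_data": True,
        "stores_customer_data": True,
    },
}

MAX_CHUNKS_THRESHOLD = 20  # assumed budget; tune to your context window
PERMISSION_FIELDS = {"owner", "acl", "allowed_groups"}  # assumed field names


def scan_rag_config(cfg: dict) -> list[Finding]:
    """Apply the six rule categories to a config dict; no LLM calls, no I/O."""
    rp = cfg.get("retrieval_policy", {})
    vs = cfg.get("vector_store", {})
    filter_fields = {f.strip() for f in vs.get("metadata_filter_fields", [])}
    out: list[Finding] = []

    # Retrieval AuthZ: permissions must be checked when the query runs.
    # ACLs copied into the index at ingest time go stale when access is revoked.
    mode = vs.get("access_control_mode")
    if mode == "ingest-time":
        out.append(Finding("Retrieval AuthZ", "high",
                           "ACLs enforced only at ingest; revoked users still retrieve"))
    elif mode not in ("query-time", "both"):
        out.append(Finding("Retrieval AuthZ", "high",
                           "no query-time authorization on the vector store"))
    if rp.get("authorization_aware") and not (filter_fields & PERMISSION_FIELDS):
        out.append(Finding("Retrieval AuthZ", "medium",
                           "authorization-aware retrieval declared but no "
                           "permission-bearing metadata field is filtered on"))

    # Tenant Isolation: one tenant's query must not surface another's chunks.
    if vs.get("stores_customer_data") and not rp.get("tenant_scoped"):
        out.append(Finding("Tenant Isolation", "high",
                           "customer data stored but retrieval is not tenant-scoped"))
    if vs.get("tenant_isolation_mode") == "shared-index" and "tenant_id" not in filter_fields:
        out.append(Finding("Tenant Isolation", "high",
                           "shared index without a tenant_id metadata filter"))

    # Data Protection
    if vs.get("stores_sensitive_data") and not vs.get("encryption_at_rest"):
        out.append(Finding("Data Protection", "medium",
                           "sensitive data stored without encryption at rest"))

    # Over-retrieval: every extra chunk is more untrusted text in the prompt.
    max_chunks = rp.get("max_chunks")
    if max_chunks is None or max_chunks > MAX_CHUNKS_THRESHOLD:
        out.append(Finding("Over-retrieval", "medium",
                           f"max_chunks={max_chunks} exceeds {MAX_CHUNKS_THRESHOLD}"))

    # Document Poisoning: untrusted corpus sources reach the prompt unfiltered.
    if not rp.get("source_trust_filtering"):
        out.append(Finding("Document Poisoning", "high",
                           "no source trust filtering on ingested documents"))

    # Provenance: origin metadata and freshness controls.
    if not rp.get("provenance_required"):
        out.append(Finding("Provenance", "medium",
                           "retrieved chunks carry no origin metadata; answers are unauditable"))
    if not rp.get("staleness_policy"):
        out.append(Finding("Provenance", "low",
                           "no staleness policy; stale chunks and stale ACLs never expire"))
    return out


def categories_hit(findings: list[Finding]) -> list[str]:
    return sorted({f.category for f in findings})


def hardened_copy(cfg: dict) -> dict:
    """Return a corrected copy of cfg with the weak settings replaced."""
    fixed = copy.deepcopy(cfg)
    fixed["retrieval_policy"].update(
        tenant_scoped=True, source_trust_filtering=True, provenance_required=True,
        max_chunks=8, staleness_policy="reindex nightly; re-check ACL at query time")
    fixed["vector_store"].update(
        tenant_isolation_mode="per-tenant-namespace", access_control_mode="query-time",
        metadata_filter_fields=["tenant_id", "allowed_groups", "doc_type"],
        encryption_at_rest=True)
    return fixed


if __name__ == "__main__":
    for f in scan_rag_config(SAMPLE_CONFIG):
        print(f"[{f.severity}] {f.category}: {f.message}")
    print("hardened findings:", scan_rag_config(hardened_copy(SAMPLE_CONFIG)))
```

The scanner treats `access_control_mode` as the ingest-time versus query-time distinction from the learning objectives: an index that only records permissions at ingest cannot reflect a revocation, which is the stale-permission gap the lab asks you to recognize. Run against `SAMPLE_CONFIG` it reports nine findings across all six categories; the hardened copy reports none.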

Take it further

SecEng RAG Test Harness

The full product — authZ tests, corpus poisoning scenarios, tenant boundary tests, and leakage classification. Connected to your live AI asset register.

Injection Harness Lab

After understanding RAG config gaps, test indirect prompt injection through retrieved documents with the injection harness lab.