
Backdoor Vulnerabilities in RAG Systems
Novel data extraction attacks compromise private information
This research reveals critical security vulnerabilities in Retrieval-Augmented Generation (RAG) systems by demonstrating how backdoor attacks can extract sensitive information from knowledge databases.
- Identifies a new attack vector through backdoored embeddings rather than prompt injection
- Shows how attackers can systematically extract private data from RAG systems
- Demonstrates these attacks work even with restricted LLM interfaces
- Highlights serious privacy implications as RAG systems become more widely deployed
This work is crucial for security professionals: it exposes fundamental vulnerabilities in systems increasingly used to handle sensitive corporate and personal data, and developing effective countermeasures requires urgent attention.
Data Extraction Attacks in Retrieval-Augmented Generation via Backdoors