CtrlRAG demonstrates how adversaries can manipulate RAG systems by injecting malicious content into knowledge bases, compromising the security of retrieval-augmented LLMs.

• Identifies a significant security vulnerability in RAG architectures
• Proposes a black-box attack method that aligns with real-world threat scenarios
• Tests attack efficacy across multiple RAG implementations
• Evaluates potential defense mechanisms against such attacks

This research highlights an urgent security concern as organizations increasingly adopt RAG systems to enhance LLM capabilities with external knowledge sources, revealing how retrieval mechanisms can become attack vectors for adversaries.

CtrlRAG: Black-box Adversarial Attacks Based on Masked Language Models in Retrieval-Augmented Language Generation