Visual Poisoning Attacks on RAG Systems

How a single malicious image can compromise document retrieval systems

This research reveals how multimodal retrieval-augmented generation (M-RAG) systems can be compromised through poisoning attacks using just one carefully crafted image.

  • Demonstrates a universal denial-of-service attack that targets visual document retrieval applications
  • Shows how attackers can inject a single malicious image that gets retrieved for any user query
  • Proves the vulnerability exists across different retrieval systems and embedding models
  • Highlights significant security risks in systems that rely on visual document knowledge bases

This research is critical for security professionals as M-RAG systems become increasingly common in enterprise applications, revealing an urgent need for robust defense mechanisms against visual poisoning attacks.
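The property summarized above, one item retrieved for any user query, is something a defender can audit for in an existing index. The following is an added example, not code from the paper: it replays a set of topically diverse audit queries against the index and flags any document that lands in the top-k for nearly all of them. The document ids, the 3-D vectors, `k` and the 0.9 threshold are all constructed assumptions.

```python
import math

# Constructed toy embeddings (3-D, one axis per topic). Real page/image
# embeddings have hundreds of dimensions; the audit logic is the same.
DOCS = {
    "invoice_p1": (1.0, 0.1, 0.0),
    "manual_p7":  (0.0, 1.0, 0.1),
    "report_p3":  (0.1, 0.0, 1.0),
    "upload_x":   (0.6, 0.6, 0.6),   # constructed stand-in for a poisoned image
}
# Constructed audit queries covering three unrelated topics.
QUERIES = [
    (1.0, 0.0, 0.1), (0.9, 0.2, 0.0),
    (0.0, 1.0, 0.0), (0.1, 0.9, 0.1),
    (0.0, 0.1, 1.0), (0.2, 0.0, 0.9),
]

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.hypot(*a) * math.hypot(*b))

def retrieval_frequency(docs, queries, k):
    """Fraction of audit queries for which each document lands in the top-k."""
    hits = dict.fromkeys(docs, 0)
    for q in queries:
        ranked = sorted(docs, key=lambda d: cosine(docs[d], q), reverse=True)
        for doc_id in ranked[:k]:
            hits[doc_id] += 1
    return {d: n / len(queries) for d, n in hits.items()}

def flag_universal_hits(freq, threshold):
    """Documents retrieved for at least `threshold` of unrelated queries."""
    return sorted(d for d, f in freq.items() if f >= threshold)

if __name__ == "__main__":
    freq = retrieval_frequency(DOCS, QUERIES, k=2)
    for doc_id, f in sorted(freq.items(), key=lambda kv: -kv[1]):
        print(f"{doc_id:12s} retrieved for {f:.0%} of audit queries")
    print("review:", flag_universal_hits(freq, threshold=0.9))
```

A flagged item is a candidate for manual review rather than proof of poisoning, since a legitimately general document (a table of contents, a cover page) can also rank for many queries.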

One Pic is All it Takes: Poisoning Visual Document Retrieval Augmented Generation with a Single Image
