Retrieval poisoning attack based on prompt injections to Retrieval-Augmented Generation with Active Database

Retrieval-Augmented Generation (RAG) is a technique that enables to mitigate the limitations of LLM-based intelligent systems, such as knowledge obsolescence, hallucinations during text generation and the lack of domain-specific expertise. At the same time, the use of RAG can pose new privacy issues: data poisoning (retrieval and knowledge poisoning), prompt injections and knowledge extraction. In particular, previous studies have not sufficiently addressed the security of RAG systems with Active Database that store generated responces in a retrieval database. In this work, we propose a new way of attacks to RAG with Active Database which is based on prompt injections and retrieval poisoning. The results of experiments confirm the vulnerability of these distributed systems and the need for new defense techniques.