{"data":{"id":"a363128a-0286-475c-ac5d-94eb768d3db1","title":"External Data Extraction Attacks Against Retrieval-Augmented Large Language Models","summary":"Retrieval-augmented generation (RAG, a technique where AI systems pull in external documents to answer questions) enhances large language models but introduces a new security risk: external data extraction attacks (EDEAs), where attackers can trick the system into revealing sensitive or copyrighted information from its knowledge base. Researchers developed an attack called Secret that uses AI-optimized prompts and adaptive strategies to extract data from RAG systems, successfully extracting data from commercial models where previous attacks failed.","solution":"N/A -- no mitigation discussed in source.","labels":["security","research"],"sourceUrl":"http://ieeexplore.ieee.org/document/11570932","publishedAt":"2026-06-18T13:16:36.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"info","attackType":["data_extraction","rag_poisoning"],"issueType":"research","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Claude 3.7 Sonnet"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-18T13:16:36.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["confidentiality","integrity"],"aiComponentTargeted":"rag","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":"peer_reviewed","atlasIds":null}}