{"data":{"id":"aa7725a9-bf3d-4f3d-9071-010aaa5108e9","title":"Securing RAG pipelines in enterprise SaaS","summary":"RAG (retrieval-augmented generation, where an AI pulls in external documents to answer questions) pipelines in enterprise software allow AI agents to access company data like internal wikis and CRM records, but this creates serious security risks including data leaks, unauthorized access to personal information, and prompt injection attacks (tricking an AI by hiding instructions in its input). Recent real-world attacks have exploited RAG systems through emails the recipient never clicked, exposed database access keys, malicious text hidden in code repositories, and poisoned knowledge bases to steal data or spread false information.","solution":"N/A -- no mitigation discussed in source.","labels":["security","safety"],"sourceUrl":"https://www.csoonline.com/article/4163888/securing-rag-pipelines-in-enterprise-saas.html","publishedAt":"2026-04-28T10:00:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"info","attackType":["prompt_injection","rag_poisoning","data_extraction"],"issueType":"news","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft 365 Copilot","Cursor IDE","Pinecone","Milvus","ElasticSearch"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-28T10:00:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"rag","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}