External Data Extraction Attacks Against Retrieval-Augmented Large Language Models
Summary
Retrieval-augmented generation (RAG, a technique where AI systems pull in external documents to answer questions) enhances large language models but introduces a new security risk: external data extraction attacks (EDEAs), where attackers can trick the system into revealing sensitive or copyrighted information from its knowledge base. Researchers developed an attack called Secret that uses AI-optimized prompts and adaptive strategies to extract data from RAG systems, successfully extracting data from commercial models where previous attacks failed.
Classification
Affected Vendors
Related Issues
Original source: http://ieeexplore.ieee.org/document/11570932
First tracked: June 29, 2026 at 08:04 PM
Classified by LLM (prompt v3) · confidence: 95%