Awesome-RAG-Safety

A curated list of publications on the security of Retrieval-Augmented Generation (RAG), covering topics such as adversarial attacks, data poisoning attacks, backdoor attacks, jailbreak attacks, prompt injection, investigations, and security frameworks.

Last Update: Mar. 17th, 2025.

This project is supported by ANT Group, the Cybersecurity College Student Innovation Funding Program, and Xidian University. We will do our best to maintain this GitHub repository on a weekly basis. If your publication is not included here, please email li.chunyang@stu.xidian.edu.cn.

LLM

  • BadRAG: Identifying Vulnerabilities in Retrieval Augmented Generation of Large Language Models. ArXiv 2024. [pdf]

  • PoisonedRAG: Knowledge Corruption Attacks to Retrieval-Augmented Generation of Large Language Models. USENIX Security 2025. [pdf]

  • Machine Against the RAG: Jamming Retrieval-Augmented Generation with Blocker Documents. ArXiv 2024. [pdf]

  • TrojanRAG: Retrieval-Augmented Generation Can Be Backdoor Driver in Large Language Models. ArXiv 2024. [pdf]

  • Poisoning Retrieval Corpora by Injecting Adversarial Passages. EMNLP 2023. [pdf]

  • Backdoor Attacks on Dense Passage Retrievers for Disseminating Misinformation. ArXiv 2024. [pdf]

  • Typos that Broke the RAG's Back: Genetic Attack on RAG Pipeline by Simulating Documents in the Wild via Low-level Perturbations. ArXiv 2024. [pdf]

  • Phantom: General Trigger Attacks on Retrieval Augmented Language Generation. ArXiv 2024. [pdf]

  • “Glue pizza and eat rocks” - Exploiting Vulnerabilities in Retrieval-Augmented Generative Models. EMNLP 2024. [pdf]

  • Human-Imperceptible Retrieval Poisoning Attacks in LLM-Powered Applications. ArXiv 2024. [pdf]

  • Neural Exec: Learning (and Learning from) Execution Triggers for Prompt Injection Attacks. ArXiv 2024. [pdf]

  • CtrlRAG: Black-box Adversarial Attacks Based on Masked Language Models in Retrieval-Augmented Language Generation. ArXiv 2025. [pdf]

  • The RAG Paradox: A Black-Box Attack Exploiting Unintentional Vulnerabilities in Retrieval-Augmented Generation Systems. ArXiv 2025. [pdf]

MLLM

  • Poisoned-MRAG: Knowledge Poisoning Attacks to Multimodal Retrieval Augmented Generation. ArXiv 2025. [pdf]

  • MM-PoisonRAG: Disrupting Multimodal RAG with Local and Global Poisoning Attacks. ArXiv 2025. [pdf]
