RAGdrag Deep Dive: The Complete Kill Chain
For the last five weeks, we have been hitting individual techniques. Now we run all six phases against a single target, start
// $ grep -r tag=security-testing
security-testing
RAGdrag Deep Dive: Hijacking RAG Retrieval
R4 Poison gets your content into the knowledge base. R5 Hijack keeps it there and makes the system do what you want.
RAGdrag Deep Dive: Bypassing RAG Guardrails
Most RAG guardrails are keyword filters wearing a trench coat. Let's prove it. This is R6 Evade. The phase that
RAGdrag Deep Dive: Poisoning the Knowledge Base
Last week we mapped the target's internals. Now we use that information to put our own documents inside the knowledge
RAGdrag Deep Dive: Mapping RAG Internals Without Access
RAGdrag Deep Dive: Mapping RAG Internals Without Access You don't need source code access to figure out how a RAG
RAGdrag Walkthrough: From Fingerprint to Exfiltration in Four Commands
Last week I published the methodology. Six phases. Twenty-seven techniques. A kill chain for RAG pipeline security that didn't exist
RAGdrag: A Kill Chain for RAG Pipeline Attacks
Everyone is building RAG pipelines. Almost nobody is attacking them properly. Not "prompt inject the chatbot and see if it says