Secure RAG pipeline
Retrieval-Augmented Generation (RAG) introduces new attack surfaces: indirect injection through retrieved documents, data poisoning of knowledge bases, and unauthorized access to sensitive content. PromptWall secures the RAG pipeline at every stage.
RAG-specific threats
RAG systems retrieve external documents and inject them into the LLM context. This creates a trust boundary problem: the model treats retrieved content with the same authority as system instructions. An attacker who can influence what gets retrieved can effectively inject instructions into the AI — without the user doing anything malicious.
Indirect Injection
CriticalMalicious instructions hidden in retrieved documents that manipulate LLM behavior
✓ Scan retrieved context for injection patterns before LLM processing
Data Poisoning
HighAttackers insert adversarial documents into the knowledge base
✓ Content validation at ingestion time with injection and toxicity scanning
Unauthorized Retrieval
HighUser queries retrieve documents they should not have access to
✓ Access control enforcement on vector store queries based on user role
PII Leakage
HighRetrieved documents contain sensitive data exposed through AI responses
✓ PII detection and masking on retrieved context before LLM processing
Defense-in-depth for RAG
- Ingestion scanning — Scan documents for injection payloads before they enter the knowledge base.
- Retrieval access control — Enforce user-level permissions on vector store queries.
- Context inspection — Apply injection detection and PII masking to retrieved context before LLM processing.
- Output validation — Apply content filtering to LLM responses to catch manipulation effects.
Secure your RAG pipeline
Deploy multi-layer protection for retrieval-augmented generation.
Frequently asked questions
What is indirect prompt injection through RAG?+
Indirect prompt injection occurs when malicious instructions are embedded in documents stored in the knowledge base. When retrieved, these instructions become part of the LLM context and can manipulate model behavior — without the user including any malicious content themselves.
Can PromptWall scan retrieved documents?+
Yes. PromptWall can inspect RAG retrieval results before they enter the LLM context window. This catches indirect injection hidden in documents, PII in retrieved content, and policy-violating material — preventing contamination of the AI response.
How do I protect the RAG knowledge base itself?+
Implement document ingestion controls: scan new documents for injection payloads before indexing, classify content by sensitivity level, and maintain access controls on the vector store. PromptWall's detection engines can be used in the ingestion pipeline as well as at query time.