A safe-looking AI agent can still leak data during retrieval
An AI agent that uses can expose information even when its chat model appears safe. Unauthorized material may be retrieved when document are weak or sensitive information is stored in a . Instructions hidden inside retrieved content can also cause and change the agent's behavior.
Retrieval that searches too broadly increases the chance of exposing unrelated private material. Weak can mix data belonging to different customers. Without logs showing what was retrieved, teams may struggle to trace an incident.
Security tests should therefore cover document permissions, customer separation, retrieved content, and retrieval logs—not just the final answer.
Key points
- Check access permission for every document the agent can retrieve.
- Review whether sensitive information belongs in the and how it is protected.
- Test whether malicious instructions in retrieved documents can trigger .
- Verify that keeps each customer's data separate.
- Log what data was retrieved and when so incidents can be traced.