Six security risks to test first in a RAG app
Testing a RAG app should begin by checking whether one user's data can appear in another user's answers. Data must also remain fully separated between customers or .
Tests should cover that try to cause false answers or harmful actions, as well as hidden inside retrieved content. The system should be checked for unsafe use of connected tools.
Users and documents should not receive broader than they need. Redfox provides practical material on RAG data leaks and the wider range of ways systems can be attacked.
Key points
- Test whether data can leak from one user to another.
- Confirm that each customer or organization's data stays separate.
- Check whether or can change the system's behavior.
- Prevent connected tools from carrying out .
- Remove document and user permissions that are broader than necessary.