RAG evaluation can leak sensitive documents during grading
A RAG system can expose during evaluation, not only during setup. A simple test is to disconnect the network and run the . Any part that fails with a connection error was likely calling an outside model to grade the result.
In many RAG evaluations, that grader sees the user question, the retrieved document chunks, and the generated answer together. Remote can send documents outside the network when the index is built, but can also send sensitive data outside every time evaluation runs. This may be acceptable for a chatbot built on public documents.
It is much riskier for contracts, patient notes, internal source code, or customer . The suggested approach is to use evaluation code that can be read, forked, and run inside the network under the .
Key points
- Disconnecting the network can reveal whether a RAG evaluation tool calls outside services.
- A hosted judge model may receive the question, retrieved chunks, and generated answer.
- Data can leak at index time through remote and at evaluation time through hosted grading.
- Public-document chatbots are lower risk than systems using contracts, patient notes, code, or .
- evaluation code can be inspected and run inside a private network.