AT

AttackTrace

Browse techniquesThreat activityBrowse ATLASSearch
ATLASAML.T0070
ATLAS index
AML.T0070

RAG Poisoning

Adversaries may inject malicious content into data indexed by a retrieval augmented generation (RAG) system to contaminate a future thread through RAG based search results. This may be accomplished by placing manipulated documents in a location the RAG indexes (see Gather RAG Indexed Targets). The content may be target

Framework
MITRE ATLAS
Maturity
Demonstrated
Platforms
Generative AI, Agentic AI
Release
2026.05

Overview

Adversaries may inject malicious content into data indexed by a retrieval augmented generation (RAG) system to contaminate a future thread through RAG-based search results. This may be accomplished by placing manipulated documents in a location the RAG indexes (see Gather RAG-Indexed Targets).

The content may be targeted such that it would always surface as a search result for a specific user query. The adversary's content may include false or misleading information. It may also include prompt injections with malicious instructions, or false RAG entries.

Sources

  1. MITRE ATLAS AML.T0070: RAG Poisoning — MITRE