Safeguard
Tag

rag-security

Safeguard articles tagged "rag-security" — guides, analysis, and best practices for software supply chain and application security.

9 articles

AI Security

Securing Vector Databases: The Overlooked Attack Surface in AI Apps

Vector databases became critical infrastructure the moment RAG went mainstream, but most are deployed with the security posture of a cache. Embeddings leak, indexes get poisoned, and tenants bleed into each other.

Jul 2, 20265 min read
AI Security

RAG Security Best Practices for 2026

Retrieval-augmented generation wired an untrusted-content pipeline straight into your model's context window. Here are the practices that keep a poisoned document or a leaked chunk from becoming an incident.

Jul 1, 20266 min read
AI Security

Securing LangChain and LlamaIndex Applications in Production

Agent frameworks ship fast and patch fast. The CVE history, the dangerous defaults, and a production hardening baseline for LangChain and LlamaIndex apps.

Jun 14, 20266 min read
AI Security

Data poisoning attacks against LLMs

A $60 domain purchase or 250 documents can backdoor an LLM. Here's how data poisoning attacks work, real cases, and how to defend against them.

Jun 8, 20267 min read
AI Security

What is Sensitive Information Disclosure in LLMs

LLM sensitive information disclosure leaks training data, prompts, and secrets through model outputs. Real incidents, causes, and defenses explained.

Mar 1, 20266 min read
AI Security

What is RAG (Retrieval-Augmented Generation) Security

RAG pipelines blend retrieved data with model instructions, creating prompt injection, poisoning, and embedding-leak risks traditional AppSec tools miss.

Mar 1, 20267 min read
AI Security

How indirect prompt injection hides malicious instruction...

How attackers hide malicious instructions inside webpages, documents, and retrieved content to hijack AI systems — and why RAG pipelines are especially exposed.

Dec 8, 20258 min read
AI Security

Memory and Context Poisoning Attacks Against AI Agents

How attackers poisoned ChatGPT's memory and RAG pipelines to hijack AI agents long-term, and the controls Safeguard uses to catch it before it spreads.

Nov 17, 20258 min read
AI Security

LLM Vector and Embedding Weaknesses

Embeddings aren't anonymized math — Vec2Text recovers 92% of text from vectors, and OWASP's LLM08:2025 now names inversion, poisoning, and exposed vector DBs as core AI risks.

Nov 15, 20257 min read
rag-security — Safeguard Blog