◈ AI Security Intelligence ← All terms
Concept  ·  Glossary

Retrieval-Augmented Generation (RAG)

Definition
A technique where an AI, before answering a question, first searches a company's own knowledge base or documents to find relevant facts, then uses those facts to write its answer. This allows the AI to give up-to-date, company-specific answers without needing to be retrained. The 'retrieval' step fetches relevant text; the 'generation' step writes the response.
Why it matters
RAG is the dominant architecture for enterprise AI assistants that answer questions from internal documents, policies, or databases. If the underlying knowledge store is tampered with or injected with malicious content, every answer the AI generates could be compromised.
Demonstrated by recent findings
Spring AI Vector Stores — Special-Character Injection Enables Arbitrary Query Execution in Elasticsearch, OpenSearch, and GemFireChromaDB Rust IDOR Cross-Tenant Data Access — CVE-2026-8828, CVSS 8.8 HIGH — No Patch ConfirmedLangflow AI Platform Path Traversal → Unauthenticated RCE Actively Exploited (CVE-2026-5027)
References
NIST AI Risk Management Framework
Track this in the live feed See how this plays out in real AI security and governance developments.
Open the feed →