AGENTIC AI AND RAG SECURITY

RAG Contamination Threat Model.

Additional page sections

Maps contamination paths from source material through retrieval into model output and downstream action.

Version 2.3 Beta Protected engine RAG contamination path report
PURPOSE

Decision supported.

Maps contamination paths from source material through retrieval into model output and downstream action.

Intended user

research, assurance and technical review teams

Output status

Preliminary outputHuman review requiredNot certification
USE CASES

Where this instrument fits.

  • Threat-model RAG applications
  • Assess source trust and ingestion risk
  • Create release blockers for retrieval systems
  • Plan monitoring and red-team test cases
INPUTS

Required input fields.

  • Source trust (required): Curated internal corpus, Mixed internal and external, Open web or user-submitted
  • Ingestion governance (required): Reviewed before indexing, Scheduled automated ingestion, Continuous or user-driven
  • Retrieval access control (required): Strict per-user access, Partial filters, Weak or unclear
  • Sensitive content (required): None expected, Some controlled content, Material sensitive content
  • Citation validation (required): Strict validation, Partial, None
  • Downstream action (required): No downstream action, Draft-only, Workflow update, External action

Data handling: this interface uses the L2ET protected same-origin instrument engine. Do not enter confidential, regulated, privileged, incident, medical or sensitive operational data.

METHOD

Pipeline logic.

Scores each RAG stage and produces a path diagram with controls for poisoning, prompt injection, stale sources, citation laundering and permission leakage.

Source families

OWASP LLM guidanceRAG threat modelinginformation retrieval assurance

Assumptions

  • The model is architectural and depends on user-described controls.
  • RAG risks vary by corpus, retrieval policy and action design.
  • Testing is still required.
INTERACTIVE INSTRUMENT

RAG contamination path report.

Use the controls below to generate a preliminary artifact. The output is intentionally bounded and requires human review.

OUTPUT ARTIFACT

RAG contamination path report.

The generated artifact includes findings, assumptions, limitations, recommended next actions and exportable structured output.

Export options

Copy outputMarkdownJSONMermaidPDF/print
EXAMPLE

Example input and output.

Example input

Mixed-source RAG with scheduled ingestion, partial access filtering, some sensitive content and draft-only output.

Example output

Produces contamination scenarios, controls, monitoring requirements, release blockers and residual-risk notes.

LIMITATIONS

What this tool does not do.

  • Does not test a live vector database.
  • Does not provide offensive payload libraries.
  • Does not guarantee mitigation completeness.

This instrument does not provide legal, medical, cryptographic, engineering, regulatory or compliance certification.

RELATED METHOD

Method and workflow links.

Read the family method note for assumptions, output artifacts, update policy and review boundaries.

Open methodology Open family

RELATED TOOLS

Suggested workflow sequence.

Agentic Workflow Rail

Builds a swimlane control map for user, agent, policy, memory, retrieval, tools, human approval, audit and rollback.

open instrument →

Agentic AI Permission Boundary Designer

Creates an allow/deny permission-boundary architecture for tool-using AI systems.

open instrument →

Prompt-Injection Sandbox

Classifies suspicious instruction patterns in test text and maps them to defensive containment recommendations.

open instrument →
CHANGELOG

Version history.

  • v2.3 - Research-grade instrument template, method notes, assumptions, limitations, example and export actions added.
  • Last updated: 2026-05-27.
  • Maturity state: Beta.