ATR-2026-00070 | high | Data Poisoning | experimental
Data Poisoning via RAG and Knowledge Base Contamination
Consolidated detection for data poisoning attacks targeting both RAG retrieval pipelines and structured knowledge bases. Detects malicious content injected into retrieved documents, FAQ entries, help articles, and indexed data that contains hidden instructions, directive markers, role-override commands, concealment directives, behavioral mode switching, or exfiltration commands. When poisoned content is retrieved as context for the LLM, the embedded instructions can hijack agent behavior, override safety guardrails, or cause data exfiltration.
Severity
high
Category
Data Poisoning
Scan Target
mcp
Author
ATR Community
Response Actions
block output, alert, snapshot, escalate
References
OWASP Agentic
ASI06:2026 - Memory and Context Poisoning
OWASP LLM
LLM01:2025 - Prompt Injection
LLM03:2025 - Supply Chain Vulnerabilities
LLM08:2025 - Excessive Agency
MITRE ATLAS
AML.T0051.001 - Indirect Prompt Injection
AML.T0020 - Poison Training Data