ATR-2026-00070 | high | Data Poisoning | experimental
Data Poisoning via RAG and Knowledge Base Contamination
Consolidated detection for data poisoning attacks targeting both RAG retrieval pipelines and structured knowledge bases. Detects malicious content injected into retrieved documents, FAQ entries, help articles, and indexed data that contains hidden instructions, directive markers, role-override commands, concealment directives, behavioral mode switching, or exfiltration commands. When poisoned content is retrieved as context for the LLM, the embedded instructions can hijack agent behavior, override safety guardrails, or cause data exfiltration.
Severity
high
Category
Data Poisoning
Scan target
mcp
Author
ATR Community
Recommended response
block output, alert, snapshot, escalate
References
OWASP Agentic
ASI06:2026 - Memory and Context Poisoning
OWASP LLM
LLM01:2025 - Prompt Injection
LLM03:2025 - Supply Chain Vulnerabilities
LLM08:2025 - Excessive Agency
MITRE ATLAS
AML.T0051.001 - Indirect Prompt Injection
AML.T0020 - Poison Training Data