KezoSec/rag-poisoning-lab
A self-contained AI security lab demonstrating document poisoning, indirect prompt injection, and data exfiltration in RAG systems. Explores the "helpfulness paradox" across local and frontier LLMs.
SUMMARY AI summary by gpt-5-mini
A self-contained Docker lab that demonstrates four classes of attacks against Retrieval-Augmented Generation (RAG) systems and defenses, validated on a local model (Llama 3.2 3B) and a frontier model (Claude Haiku 4.5). Intended for security researchers, red teams, and engineers building/defending RAG pipelines. Key features: - Reproducible attack scripts that inject payloads into a Chroma vector DB (document poisoning, indirect prompt injection, data exfiltration, PDF invisible-text smuggling). - Local offline Llama via Ollama and optional Anthropic Claude integration; sentence-transformers embeddings; Docker Compose orchestration. - Working defense: regex-based output filter and JSON evidence for each outcome. - Headline finding: stronger reasoning/helpfulness in frontier models can increase susceptibility to content-poisoning; model safety is shape-based, so retrieval-layer controls are required.
DETECTED Detected AI stack
AI-related keywords found in this repo's description, topics, or README summary — grouped by category. Each badge links to the corresponding ranking detail page.
GitHub Topics
Language breakdown (by bytes)
Owner
Dates
| Created on GitHub | 2026-05-09 |
| Last push | 2026-05-09 |
| First seen here | 2026-05-09 |
| Last fetched | 2026-05-09 15:42 |
Similar repos (same language)
Reverse proxy for your ai quota from the SW platform.
dea6cat/2b-agentThis llm Agent was created based on necessity for one that could simply use local models without making them hallucinate and keep them focus
Zuboy/Carbon-Cost-Optimizer-Agentic-AIAn AI agent that decides where and when to run ML training jobs to minimize cost and carbon emissions, then launches them autonomously — exposed entirely through MCP tools.
FuchaZ/lm-studio-vision-bridge给纯文本 AI agent 装上眼睛——通过 LM Studio 本地视觉模型提供 MCP 图片识别服务
Shrutirowlo/AI-Video-AgentAI-powered video generation agent that automates script analysis, scene planning, and video creation.
Shivang0/social-visionPaste an Instagram/TikTok/YouTube/X link and Claude watches it for you — transcribes audio, reads on-screen text & visuals, explains what it's about. Local, cross-platform Claude Code plugin.
markusbegerow/claude-fuer-oeffentliche-verwaltung⚠️ Experimentelle Skill-Sammlung für Digitalisierung, Fachverfahren und Organisation der deutschen öffentlichen Verwaltung (OZG, FIM, FIT-Connect, KI-Einsatz, eIDAS, BSI-IT-Grundschutz, DSGVO) – bitte testen, Issues/PRs willkommen! Keine Rechts-/Datenschutzberatung, keine verbindliche Behördenentscheidung. Keine Bürger-/Mitarbeiterdaten im Repo.
knowledgegut/course-distiller把有權使用的工作坊/課程回放消化成套品牌色的步驟式學習 PDF;最後的重組交還人腦。A Claude Code skill by 知識包小腸.