AI Dev Impact Lab JA
← Rankings · AI-RELATED REPO

KezoSec/rag-poisoning-lab

A self-contained AI security lab demonstrating document poisoning, indirect prompt injection, and data exfiltration in RAG systems. Explores the "helpfulness paradox" across local and frontier LLMs.

⚡ AI-using Python MIT GitHub ↗
★ 0
stars
100
AI relevance
50
solo dev
0
tool sigs

SUMMARY AI summary by gpt-5-mini

A self-contained Docker lab that demonstrates four classes of attacks against Retrieval-Augmented Generation (RAG) systems and defenses, validated on a local model (Llama 3.2 3B) and a frontier model (Claude Haiku 4.5). Intended for security researchers, red teams, and engineers building/defending RAG pipelines. Key features: - Reproducible attack scripts that inject payloads into a Chroma vector DB (document poisoning, indirect prompt injection, data exfiltration, PDF invisible-text smuggling). - Local offline Llama via Ollama and optional Anthropic Claude integration; sentence-transformers embeddings; Docker Compose orchestration. - Working defense: regex-based output filter and JSON evidence for each outcome. - Headline finding: stronger reasoning/helpfulness in frontier models can increase susceptibility to content-poisoning; model safety is shape-based, so retrieval-layer controls are required.

DETECTED Detected AI stack

AI-related keywords found in this repo's description, topics, or README summary — grouped by category. Each badge links to the corresponding ranking detail page.

🧠 LLM providers (2)
Anthropic Ollama
🗄️ Vector DBs (1)
Chroma
🔢 Embedding models (1)
sentence-transformers
🤖 LLM models (2)
Claude Llama

GitHub Topics

#ai-security #claude #llama #llm-security #prompt-injection #rag #red-teaming

Language breakdown (by bytes)

Shell
15.4%
Python
81.5%
Dockerfile
3.1%

Owner

Account
KezoSec
Type
User
Followers
0

Dates

Created on GitHub 2026-05-09
Last push 2026-05-09
First seen here 2026-05-09
Last fetched 2026-05-09 15:42

Similar repos (same language)

bgzhang1/sw2api

Reverse proxy for your ai quota from the SW platform.

Python 19 AI 45
dea6cat/2b-agent

This llm Agent was created based on necessity for one that could simply use local models without making them hallucinate and keep them focus

Python 1 AI 75
Zuboy/Carbon-Cost-Optimizer-Agentic-AI

An AI agent that decides where and when to run ML training jobs to minimize cost and carbon emissions, then launches them autonomously — exposed entirely through MCP tools.

Python 1 AI 75
FuchaZ/lm-studio-vision-bridge

给纯文本 AI agent 装上眼睛——通过 LM Studio 本地视觉模型提供 MCP 图片识别服务

Python 1 AI 45
Shrutirowlo/AI-Video-Agent

AI-powered video generation agent that automates script analysis, scene planning, and video creation.

Python 1 AI 75
Shivang0/social-vision

Paste an Instagram/TikTok/YouTube/X link and Claude watches it for you — transcribes audio, reads on-screen text & visuals, explains what it's about. Local, cross-platform Claude Code plugin.

Python 1 AI 70
markusbegerow/claude-fuer-oeffentliche-verwaltung

⚠️ Experimentelle Skill-Sammlung für Digitalisierung, Fachverfahren und Organisation der deutschen öffentlichen Verwaltung (OZG, FIM, FIT-Connect, KI-Einsatz, eIDAS, BSI-IT-Grundschutz, DSGVO) – bitte testen, Issues/PRs willkommen! Keine Rechts-/Datenschutzberatung, keine verbindliche Behördenentscheidung. Keine Bürger-/Mitarbeiterdaten im Repo.

Python 1 AI 75
knowledgegut/course-distiller

把有權使用的工作坊/課程回放消化成套品牌色的步驟式學習 PDF;最後的重組交還人腦。A Claude Code skill by 知識包小腸.

Python 1 AI 45