RAG Security Threat Model at a Glance

| Threat | Vector | Control |
|---|---|---|
| Direct prompt injection | User input | System prompt hardening, input filters |
| Indirect prompt injection | Retrieved doc content | Content isolation, instruction fencing, output validators |
| Cross-tenant leakage | Shared index, broken filter | Namespace isolation, deny-by-default filter auth |
| Over-scope answer | User reads chunks they shouldn't see | ACL-aware retrieval, post-filter |
| PII exfil to LLM provider | Sensitive text in context | Pre-index redaction, pre-send filter |
| Data retention viola…
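The three retrieval-side controls in the table (deny-by-default tenant filtering, an ACL-aware post-filter over returned chunks, and a pre-send PII filter) are easiest to reason about in code. The block below is an added example, not code from the original page or any particular RAG framework: the in-memory `INDEX`, the `Chunk`/`Caller` records, the group names and the toy token-count scoring are all constructed stand-ins for a real vector store and identity provider.

```python
"""Deny-by-default tenant isolation, ACL post-filtering and pre-send redaction
for RAG retrieval. Added example; the index and callers are constructed data."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Chunk:
    chunk_id: str
    tenant: str                  # namespace the chunk was indexed under
    allowed_groups: frozenset    # groups permitted to read this chunk
    text: str


@dataclass(frozen=True)
class Caller:
    user_id: str
    tenant: str
    groups: frozenset


# Constructed sample: two tenants share one physical index.
INDEX = [
    Chunk("a1", "acme", frozenset({"eng"}), "acme build pipeline notes"),
    Chunk("a2", "acme", frozenset({"finance"}), "acme Q3 payroll summary"),
    Chunk("g1", "globex", frozenset({"eng"}), "globex incident runbook"),
]


def search(index, query, tenant_filter):
    """Stand-in for a vector-store query. A missing tenant filter is rejected
    instead of silently falling through to the whole shared index (the
    'broken filter' vector in the table)."""
    if not tenant_filter:
        raise PermissionError("tenant filter is required (deny by default)")
    tokens = query.lower().split()
    scored = []
    for c in index:
        if c.tenant != tenant_filter:
            continue
        score = sum(1 for t in tokens if t in c.text.lower())
        if score:
            scored.append((score, c))
    scored.sort(key=lambda sc: -sc[0])   # stable sort keeps index order on ties
    return [c for _, c in scored]


def acl_post_filter(chunks, caller):
    """Second gate after retrieval: drop chunks the caller's groups may not
    read, and re-check the tenant so a bypassed retrieval filter still fails
    closed."""
    return [c for c in chunks
            if c.tenant == caller.tenant and c.allowed_groups & caller.groups]


# Minimal pre-send filter: email addresses are replaced before context leaves
# the boundary toward the LLM provider. Real deployments use a fuller detector.
_EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def redact_for_provider(text):
    return _EMAIL.sub("[EMAIL]", text)


def retrieve_for(caller, query, index=INDEX):
    """Full path: tenant-scoped search -> ACL post-filter -> redacted context.
    Returns (chunk_ids, context_text) so both gates are observable."""
    hits = acl_post_filter(search(index, query, caller.tenant), caller)
    context = "\n".join(redact_for_provider(c.text) for c in hits)
    return [c.chunk_id for c in hits], context
```

Both gates are deliberately redundant: the tenant check in `acl_post_filter` only matters if `search` is ever called with the wrong namespace, which is exactly the failure the table lists under cross-tenant leakage.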