Data Poisoning via RAG and Knowledge Base Contamination - ATR-2026-00070 (3ca267ca-4224-54d0-b467-28870fbc67c5)

Consolidated detection for data poisoning attacks targeting both RAG retrieval pipelines and structured knowledge bases. Detects malicious content injected into retrieved documents, FAQ entries, help articles, and indexed data that contains hidden instructions, directive markers, role-override commands, concealment directives, behavioral mode switching, or exfiltration commands. When poisoned content is retrieved as context for the LLM, the embedded instructions can hijack agent behavior, override safety guardrails, or cause data exfiltration.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Data Manipulation - T1565 (ac9e6b22-11bf-45d7-9181-c1cb08360931) | Attack Pattern | Data Poisoning via RAG and Knowledge Base Contamination - ATR-2026-00070 (3ca267ca-4224-54d0-b467-28870fbc67c5) | Agent Threat Rules | 1 |
| Poison Training Data (0ec538ca-589b-4e42-bcaa-06097a0d679f) | MITRE ATLAS Attack Pattern | Data Poisoning via RAG and Knowledge Base Contamination - ATR-2026-00070 (3ca267ca-4224-54d0-b467-28870fbc67c5) | Agent Threat Rules | 1 |
| Data Poisoning via RAG and Knowledge Base Contamination - ATR-2026-00070 (3ca267ca-4224-54d0-b467-28870fbc67c5) | Agent Threat Rules | Indirect (a4a55526-2f1f-403b-9691-609e46381e17) | MITRE ATLAS Attack Pattern | 1 |
| LLM Prompt Injection (19cd2d12-66ff-487c-a05c-e058b027efc9) | MITRE ATLAS Attack Pattern | Indirect (a4a55526-2f1f-403b-9691-609e46381e17) | MITRE ATLAS Attack Pattern | 2 |