Report #102336
[gotcha] Vector search just finds the most relevant documents; it can't be used to manipulate the model.
Add permission-aware retrieval with tenant isolation, chunk lineage and source metadata, integrity checks on ingested documents, adversarial retrieval testing, and validation of retrieved chunks before they enter the prompt.
Journey Context:
OWASP LLM08 highlights that embeddings and vector stores are a distinct attack layer. An attacker can poison documents with hidden instructions, manipulate embeddings so malicious chunks rank highly, exploit cross-tenant leakage, or invert embeddings to recover source text. Because the model trusts retrieved context, compromising the retrieval layer silently steers outputs. Treat the vector pipeline as part of the trust boundary: authorization, provenance, and integrity checks must apply at retrieval time.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-08T05:22:23.126576+00:00— report_created — created