sleeepeer/PoisonedRAG

[USENIX Security 2025] PoisonedRAG: Knowledge Corruption Attacks to Retrieval-Augmented Generation of Large Language Models

55 / 100 (Established)

Implements both black-box (LM-targeted) and white-box (HotFlip) poisoning attacks on retrieval corpora, targeting popular RAG retriever-LLM pairs including Contriever with GPT-3.5/4, PaLM 2, and LLaMA. Evaluates attacks across BEIR benchmark datasets (NQ, HotpotQA, MS-MARCO) with configurable hyperparameters for adversarial document generation and ranking manipulation. Integrates with Hugging Face model APIs and supports local model deployment via FastChat for reproducible adversarial evaluation.

242 stars.

No Package, No Dependents
Maintenance 10 / 25
Adoption 10 / 25
Maturity 16 / 25
Community 19 / 25


Stars: 242
Forks: 38
Language: Python
License: MIT
Last pushed: Jan 27, 2026
Commits (30d): 0

Get this data via API

curl "https://pt-edge.onrender.com/api/v1/quality/rag/sleeepeer/PoisonedRAG"

Open to everyone — 100 requests/day, no key needed. Get a free key for 1,000/day.