Baseline Risk
Direct prompt injection from user queries
Malicious user instructions can attempt to override intended behaviour before the model has any trustworthy context.
Final Year Project · Secure RAG Prototype
Secure Retrieval for RAG
RAG Shield is a secure proxy for Retrieval-Augmented Generation systems. It enforces retrieval-time access control, blocks malicious inputs, sanitises sensitive context, and records auditable security events before data reaches the language model.
Project Summary
What the project is
A secure RAG prototype that introduces pre-generation security controls between user input, retrieval, and the LLM.
What problem it solves
It addresses cases where insecure RAG can expose restricted content, trust malicious retrieved text, or forward raw sensitive values into prompts.
What was built
A working pipeline with access control, masking and sanitisation, malicious-content screening, blocking, quarantine, and audit-oriented monitoring.
Why it matters
It demonstrates that security controls can be introduced into a RAG pipeline without removing its practical usefulness.
Baseline Vulnerabilities Mitigated
Baseline Risk
Missing chunk-level access control
Answer-bearing sensitive chunks may still be retrieved even when a lower-privilege user should not see them.
Baseline Risk
Unauthorized sensitive context exposure
Without policy-aware filtering, the model may process more information than should be permitted for the request context.
Baseline Risk
Indirect prompt injection
Unsafe instructions hidden inside retrieved documents can influence the LLM if retrieval results are trusted blindly.
Demo Cases
Case 01 · Prompt injection defence
Indirect & Direct Prompt Injection
Insecure RAG
Injection can influence output
The insecure baseline either trusts malicious retrieved content or fails to reject a direct malicious query before generation begins.
Secure RAG Shield
Blocked, excluded, or quarantined
The secure pipeline blocks direct malicious queries and screens suspicious retrieved content so unsafe instructions do not reach the model.
Case 02 · Policy-governed retrieval and masking
Access Control and Sensitive Context Handling
Insecure RAG
Raw and overbroad context
The insecure baseline can forward raw sensitive values and process more retrieved context than should be considered appropriate for the policy boundary.
Secure RAG Shield
Appropriate and sanitised
The secure pipeline restricts processing to policy-allowed information and replaces the remaining PII or confidential values with safe placeholders.
Architecture
The architecture places a secure proxy between the user, retrieval layer, internal document store, and the LLM. Security decisions are enforced before prompt construction so that only authorised, sanitised, and policy-compliant context reaches the model.