{"id":"https://openalex.org/W7117575016","doi":"https://doi.org/10.1145/3733799.3762976","title":"The Hidden Threat in Plain Text: Attacking RAG Data Loaders","display_name":"The Hidden Threat in Plain Text: Attacking RAG Data Loaders","publication_year":2025,"publication_date":"2025-10-13","ids":{"openalex":"https://openalex.org/W7117575016","doi":"https://doi.org/10.1145/3733799.3762976"},"language":null,"primary_location":{"id":"doi:10.1145/3733799.3762976","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3733799.3762976","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3733799.3762976","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5095851407","display_name":"Alberto Castagnaro","orcid":null},"institutions":[{"id":"https://openalex.org/I138689650","display_name":"University of Padua","ror":"https://ror.org/00240q980","country_code":"IT","type":"education","lineage":["https://openalex.org/I138689650"]}],"countries":["IT"],"is_corresponding":true,"raw_author_name":"Alberto Castagnaro","raw_affiliation_strings":["University of Padua, Padova, Italy"],"raw_orcid":"https://orcid.org/0009-0008-1809-2253","affiliations":[{"raw_affiliation_string":"University of Padua, Padova, Italy","institution_ids":["https://openalex.org/I138689650"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5120063816","display_name":"Umberto Salviati","orcid":null},"institutions":[{"id":"https://openalex.org/I138689650","display_name":"University of Padua","ror":"https://ror.org/00240q980","country_code":"IT","type":"education","lineage":["https://openalex.org/I138689650"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Umberto Salviati","raw_affiliation_strings":["University of Padua, Padova, Italy"],"raw_orcid":"https://orcid.org/0009-0006-1475-9677","affiliations":[{"raw_affiliation_string":"University of Padua, Padova, Italy","institution_ids":["https://openalex.org/I138689650"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5121599307","display_name":"Mauro Conti","orcid":null},"institutions":[{"id":"https://openalex.org/I138689650","display_name":"University of Padua","ror":"https://ror.org/00240q980","country_code":"IT","type":"education","lineage":["https://openalex.org/I138689650"]},{"id":"https://openalex.org/I26437253","display_name":"\u00d6rebro University","ror":"https://ror.org/05kytsw45","country_code":"SE","type":"education","lineage":["https://openalex.org/I26437253"]}],"countries":["IT","SE"],"is_corresponding":false,"raw_author_name":"Mauro Conti","raw_affiliation_strings":["University of Padua, Padova, Italy and \u00d6rebro University, \u00d6rebro, Sweden"],"raw_orcid":"https://orcid.org/0000-0002-3612-1934","affiliations":[{"raw_affiliation_string":"University of Padua, Padova, Italy and \u00d6rebro University, \u00d6rebro, Sweden","institution_ids":["https://openalex.org/I26437253","https://openalex.org/I138689650"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5051194788","display_name":"Luca Pajola","orcid":"https://orcid.org/0000-0002-6749-6608"},"institutions":[{"id":"https://openalex.org/I138689650","display_name":"University of Padua","ror":"https://ror.org/00240q980","country_code":"IT","type":"education","lineage":["https://openalex.org/I138689650"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Luca Pajola","raw_affiliation_strings":["Spritz Matter, Padova, Italy"],"raw_orcid":"https://orcid.org/0000-0002-6749-6608","affiliations":[{"raw_affiliation_string":"Spritz Matter, Padova, Italy","institution_ids":["https://openalex.org/I138689650"]}]},{"author_position":"last","author":{"id":null,"display_name":"Simeone Pizzi","orcid":"https://orcid.org/0009-0007-6719-0813"},"institutions":[{"id":"https://openalex.org/I138689650","display_name":"University of Padua","ror":"https://ror.org/00240q980","country_code":"IT","type":"education","lineage":["https://openalex.org/I138689650"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Simeone Pizzi","raw_affiliation_strings":["Spritz Matter, Padova, Italy"],"raw_orcid":"https://orcid.org/0009-0007-6719-0813","affiliations":[{"raw_affiliation_string":"Spritz Matter, Padova, Italy","institution_ids":["https://openalex.org/I138689650"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5095851407"],"corresponding_institution_ids":["https://openalex.org/I138689650"],"apc_list":null,"apc_paid":null,"fwci":4.3211,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.95407425,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"170","last_page":"181"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.4221999943256378,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.4221999943256378,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11636","display_name":"Artificial Intelligence in Healthcare and Education","score":0.10530000180006027,"subfield":{"id":"https://openalex.org/subfields/2718","display_name":"Health Informatics"},"field":{"id":"https://openalex.org/fields/27","display_name":"Medicine"},"domain":{"id":"https://openalex.org/domains/4","display_name":"Health Sciences"}},{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.05000000074505806,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5360000133514404},{"id":"https://openalex.org/keywords/pipeline-transport","display_name":"Pipeline transport","score":0.3125999867916107},{"id":"https://openalex.org/keywords/decipher","display_name":"DECIPHER","score":0.30059999227523804},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.2892000079154968},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.25519999861717224}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6496000289916992},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6068999767303467},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5360000133514404},{"id":"https://openalex.org/C175309249","wikidata":"https://www.wikidata.org/wiki/Q725864","display_name":"Pipeline transport","level":2,"score":0.3125999867916107},{"id":"https://openalex.org/C164614171","wikidata":"https://www.wikidata.org/wiki/Q5204775","display_name":"DECIPHER","level":2,"score":0.30059999227523804},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.2892000079154968},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.2770000100135803},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.2702000141143799},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.25519999861717224},{"id":"https://openalex.org/C2779585090","wikidata":"https://www.wikidata.org/wiki/Q3457762","display_name":"Resilience (materials science)","level":2,"score":0.24609999358654022}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3733799.3762976","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3733799.3762976","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3733799.3762976","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3733799.3762976","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"score":0.6155359745025635,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G7997080686","display_name":null,"funder_award_id":"PE_00000014, B53C22003990006","funder_id":"https://openalex.org/F4320331528","funder_display_name":"Ministero dell'Universit\u00e0 e della Ricerca"}],"funders":[{"id":"https://openalex.org/F4320331528","display_name":"Ministero dell'Universit\u00e0 e della Ricerca","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":12,"referenced_works":["https://openalex.org/W2791544114","https://openalex.org/W2889016530","https://openalex.org/W2964040431","https://openalex.org/W3155584966","https://openalex.org/W3176393001","https://openalex.org/W3212709629","https://openalex.org/W4283170666","https://openalex.org/W4382882547","https://openalex.org/W4385372663","https://openalex.org/W4392353733","https://openalex.org/W4407278810","https://openalex.org/W4415797457"],"related_works":[],"abstract_inverted_index":{"Large":[0],"Language":[1],"Models":[2],"(LLMs)":[3],"have":[4],"transformed":[5],"human\u2013machine":[6],"interaction":[7],"since":[8],"ChatGPT\u2019s":[9],"2022":[10],"debut,":[11],"with":[12],"Retrieval-Augmented":[13],"Generation":[14],"(RAG)":[15],"emerging":[16],"as":[17],"a":[18,42],"key":[19],"framework":[20],"that":[21],"enhances":[22],"LLM":[23],"outputs":[24],"by":[25,59],"integrating":[26],"external":[27,34],"knowledge.":[28],"However,":[29],"RAG\u2019s":[30],"reliance":[31],"on":[32],"ingesting":[33],"documents":[35],"introduces":[36],"new":[37],"vulnerabilities.":[38],"This":[39],"paper":[40],"exposes":[41],"critical":[43],"security":[44],"gap":[45],"at":[46],"the":[47],"data":[48],"loading":[49],"stage,":[50],"where":[51],"malicious":[52],"actors":[53],"can":[54],"stealthily":[55],"corrupt":[56],"RAG":[57],"pipelines":[58],"exploiting":[60],"document":[61],"ingestion.":[62]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1}],"updated_date":"2026-04-25T08:17:42.794288","created_date":"2025-12-30T00:00:00"}