Slide 3 · What Is RAG
RAG is what makes AI know your private documents.
It’s also where LLM08 lives.
RAG: Retrieval-Augmented Generation
A base LLM only knows what it was trained on. RAG connects it to a live knowledge base — your internal documents, product database, support tickets, contracts — so it can answer questions using your data, not just public information.
1️⃣ User asks a question
“What’s the status of the Alpha project?”
2️⃣ Question is converted to a vector
The retrieval system finds the top-N documents in the vector database whose embeddings are closest to the question’s embedding.
3️⃣ Retrieved documents are injected as context
The LLM is handed those documents alongside the original question. It answers based on what it was given — not on what it was trained on.
⚠️ The LLM trusts whatever it’s given
If a poisoned document is retrieved, the LLM treats it as authoritative context — just like any legitimate document.
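The three steps above as an added Python example (not part of the original slides), showing that retrieval ranks on similarity alone and that provenance never reaches the model. The bag-of-words `embed` is a toy stand-in for a real embedding model, and the documents, ids, and the `source` field are constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed knowledge base. "source" is a hypothetical provenance label.
KNOWLEDGE_BASE = [
    {"id": "pm-042", "source": "project-tracker",
     "text": "Alpha project status: on schedule, launch planned for Q3."},
    {"id": "hr-007", "source": "hr-portal",
     "text": "Vacation requests must be filed two weeks in advance."},
    {"id": "wiki-913", "source": "open-wiki-upload",
     "text": "Alpha project status: cancelled, all work stopped."},
    {"id": "fin-118", "source": "finance",
     "text": "Quarterly budget review for Beta project is next week."},
]

def embed(text):
    """Toy embedding: bag-of-words counts, standing in for a real model."""
    return Counter(re.findall(r"[a-z0-9]+", text.lower()))

def cosine(a, b):
    dot = sum(a[t] * b[t] for t in a)
    norm = math.sqrt(sum(v * v for v in a.values())) * \
           math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def retrieve(question, top_n=2):
    """Step 2: rank by closeness to the question. Provenance plays no part."""
    q = embed(question)
    ranked = sorted(KNOWLEDGE_BASE,
                    key=lambda d: cosine(q, embed(d["text"])), reverse=True)
    return ranked[:top_n]

def build_prompt(question, docs):
    """Step 3: retrieved text goes in verbatim; the source label is dropped."""
    context = "\n".join(f"[{d['id']}] {d['text']}" for d in docs)
    return f"Context:\n{context}\n\nQuestion: {question}"

def context_sources(docs):
    """Audit view: where each document handed to the model came from."""
    return [(d["id"], d["source"]) for d in docs]

if __name__ == "__main__":
    question = "What's the status of the Alpha project?"
    docs = retrieve(question)
    print(build_prompt(question, docs))
    print(context_sources(docs))
```

The prompt carries two contradictory status lines with equal standing; only the audit view shows that the top-ranked one came from an open upload path.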
The Attack Surface
The LLM is not the weak point. The knowledge base is. An attacker who controls what gets retrieved controls what the AI says — without ever sending a single prompt.