Each row is an attack type from Part 2. The Primary column is the mitigation that directly breaks the attack mechanism. Supporting mitigations reduce blast radius or provide detection when prevention fails.
| Attack | Primary Mitigation | Also Helps |
|---|---|---|
| Retrieval Poisoning | M3 Retrieval Controls | M5 Monitoring, M1 Ingestion Validation |
| Embedding Inversion | M4 Encrypt Vectors | M2 Access Controls |
| Cross-Context Leakage | M2 Permission-Aware Stores | M5 Monitoring |
| Context Manipulation | M1 Validate Ingestion | M3 Retrieval Controls, M5 Monitoring |
| Ghost Embeddings (Persistence) | M6 Limit Persistence | M5 Monitoring |