EcoSafeRAG: Efficient Security through Context Analysis in Retrieval-Augmented Generation
Ruobing Yao, Yifei Zhang, Shuang Song, Neng Gao, Chenyang Tu
TL;DR
EcoSafeRAG tackles security vulnerabilities in retrieval-augmented generation by performing context-aware filtering that does not depend on LLM internal knowledge. It combines sentence-level segmentation, adaptive core-sentence screening, and bait-guided contextual diversity checks to detect malicious content before generation. The approach delivers state-of-the-art security against corpus poisoning, prompt injection, and adversarial attacks while preserving or improving performance on clean data, with only modest latency and substantial token savings ($48\%-80\%$) compared to Vanilla RAG. These results support practical deployment of secure, efficient RAG systems in production environments.
Abstract
Retrieval-Augmented Generation (RAG) compensates for the static knowledge limitations of Large Language Models (LLMs) by integrating external knowledge, producing responses with enhanced factual correctness and query-specific contextualization. However, it also introduces new attack surfaces such as corpus poisoning at the same time. Most of the existing defense methods rely on the internal knowledge of the model, which conflicts with the design concept of RAG. To bridge the gap, EcoSafeRAG uses sentence-level processing and bait-guided context diversity detection to identify malicious content by analyzing the context diversity of candidate documents without relying on LLM internal knowledge. Experiments show EcoSafeRAG delivers state-of-the-art security with plug-and-play deployment, simultaneously improving clean-scenario RAG performance while maintaining practical operational costs (relatively 1.2$\times$ latency, 48\%-80\% token reduction versus Vanilla RAG).
