Exposing Hidden Data from RAG Systems
Pedro Paniago
Bug Bounty Village @ DEF CON 33 · Day 1 · Bug Bounty Village
In this insightful talk from Bug Bounty Village, Pedro Paniago, a Manager at PwC Belgium and an accomplished bug bounty hunter, unveils a critical vulnerability in **Retrieval Augmented Generation (RAG)** systems that he terms the "Open Down technique." The presentation details a novel method for exfiltrating sensitive data from RAG-powered applications, demonstrating how attackers can systematically bypass security measures and retrieve the entire indexed knowledge base. Paniago's research highlights a fundamental design flaw within how RAG systems process and retrieve information, allowing for unintended data leakage.
AI review
Legitimate bug bounty-grounded research on a real RAG design flaw, validated by an 8.8 CVSS finding. The core insight — weaponizing chunk overlap retrieval for sequential document traversal — is genuinely useful and not widely documented, but the technique is ultimately a variant of prompt injection + contextual leakage that specialists will recognize as incremental rather than foundational.