DORA: Protecting Proprietary RAG Databases via Embedding-Aware Data Adulteration

ACL ARR 2026 January Submission4733 Authors

05 Jan 2026 (modified: 20 Mar 2026), ACL ARR 2026 January Submission, CC BY 4.0
Keywords: Retrieval-Augmented Generation, Data Adulteration
Abstract: Retrieval-Augmented Generation (RAG) leverages external knowledge bases to mitigate Large Language Model (LLM) hallucinations and extend model capabilities. The database in RAG represents critical intellectual property (IP) that is vulnerable to theft and unauthorized exploitation. Traditional defenses are often impractical: watermarking cannot be verified in private scenarios because the model outputs are inaccessible, while full-database encryption introduces prohibitive computational latency. An existing solution, AURA, is designed for GraphRAG, limiting its applicability to document RAG systems. We propose DORA, which adulterates databases to make them unusable to an adversary. In contrast, authorized users with the secret key can filter out these adulterants to preserve full system utility. Experimental results across various LLMs show that DORA renders up to 79.5% of answers on QASPER (private domain) and 66.8% of answers on HotpotQA (public knowledge) unreliable. Conversely, it introduces minimal latency, with a total time increase of less than 3.50%, and maintains 100% fidelity for authorized users. Furthermore, DORA remains robust, as our adulterants exhibit over 86.3% stealthiness against detection tools. DORA establishes a universal approach for protecting the high-value knowledge bases in RAG systems.
Paper Type: Long
Research Area: Safety and Alignment in LLMs
Research Area Keywords: safety and alignment
Languages Studied: English
Submission Number: 4733