Releasing an open-source RAG attack + defense lab for local stacks (ChromaDB + LM Studio) — runs fully local, no cloud, consumer hardware
r/LocalLLaMA
Built a lab to measure how bad RAG knowledge base poisoning actually is on a default local setup - and what defenses actually move the number.

Stack: ChromaDB + LM Studio (Qwen2.5-7B), standard LangChain-style chunking, no API keys, runs on a MacBook Pro.

What the lab measures:

Knowledge base poisoning against undefended ChromaDB: 95% success. The attack works at the retrieval layer - no jailbreak, no model access, no prompt manipulation. The model is doing exactly what it's supposed to, just from poisoned context.
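Added example (not code from the lab or from the OP) showing the retrieval-layer point in miniature: a "poisoning success rate" is just the fraction of queries whose top-k context contains a chunk that did not come from a trusted source, and a provenance allowlist applied at retrieval time is one defense that moves that number without touching the model. The embedding is an assumed toy bag-of-words cosine, standing in for ChromaDB's real embeddings; the source tags, corpus, queries and the keyword-stuffed "untrusted" chunk are all constructed for the example.

```python
"""Toy measurement of retrieval-layer poisoning and a provenance-allowlist defense.

Added example; it does not reproduce the lab's code. A bag-of-words cosine
retriever is an assumption standing in for ChromaDB + a real embedding model.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass

# Assumed: every chunk carries a provenance tag recorded at ingestion time.
TRUSTED_SOURCES = {"internal-wiki", "policy-handbook"}


@dataclass(frozen=True)
class Chunk:
    text: str
    source: str  # where the chunk was ingested from (provenance)


def embed(text: str) -> Counter:
    """Toy embedding: lowercase token counts (assumption, not a real model)."""
    return Counter(re.findall(r"[a-z0-9]+", text.lower()))


def cosine(a: Counter, b: Counter) -> float:
    dot = sum(v * b.get(t, 0) for t, v in a.items())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def retrieve(chunks, query: str, k: int = 2, allowed_sources=None):
    """Top-k by cosine; optionally drop chunks whose source is not allowlisted."""
    q = embed(query)
    cands = [c for c in chunks if allowed_sources is None or c.source in allowed_sources]
    ranked = sorted(cands, key=lambda c: cosine(embed(c.text), q), reverse=True)
    return ranked[:k]


def is_contaminated(top_k) -> bool:
    """True if any chunk handed to the model came from an untrusted source."""
    return any(c.source not in TRUSTED_SOURCES for c in top_k)


def poisoning_rate(chunks, queries, k: int = 2, allowed_sources=None) -> float:
    """Fraction of queries whose retrieved context contains untrusted material."""
    hits = sum(is_contaminated(retrieve(chunks, q, k, allowed_sources)) for q in queries)
    return hits / len(queries)


# Constructed corpus: three legitimate chunks plus one untrusted, keyword-stuffed
# chunk that reached the store through an unvetted upload path (placeholder text).
CORPUS = [
    Chunk("To reset your password open the account portal and choose reset password.", "internal-wiki"),
    Chunk("To set up the vpn install the client and sign in with your badge id.", "internal-wiki"),
    Chunk("The expense policy requires receipts for any purchase over fifty dollars.", "policy-handbook"),
    Chunk("password reset password vpn vpn expense policy expense policy placeholder untrusted text", "user-upload"),
]

QUERIES = [
    "how do I reset my password",
    "how do I set up the vpn",
    "what is the expense policy",
]


def undefended_rate() -> float:
    return poisoning_rate(CORPUS, QUERIES, k=2)


def defended_rate() -> float:
    return poisoning_rate(CORPUS, QUERIES, k=2, allowed_sources=TRUSTED_SOURCES)


if __name__ == "__main__":
    print(f"undefended top-2 contamination: {undefended_rate():.0%}")
    print(f"with provenance allowlist:      {defended_rate():.0%}")
```

With k=2 every query pulls the untrusted chunk into context on the undefended store (rate 1.0) and none do once retrieval is restricted to allowlisted sources (rate 0.0). The point the example makes is the same as the post's: nothing about the model changed, only what the retriever was permitted to hand it.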