The RAG Security Gap Nobody’s Talking About — And How I Built a Tool to Fix It
Towards AI
Last month, a CVSS 9.3 vulnerability called EchoLeak made headlines.

A document was uploaded to a company’s AI system. It looked completely normal. Inside it were hidden instructions. The AI read them, followed them, and exfiltrated sensitive data - with zero user interaction required. No one noticed until it was too late.

I read that CVE report and immediately thought of every RAG pipeline I’d seen in production. Documents going in. Nobody checking what was inside them.