DVRAG: The First Deliberately Vulnerable RAG Pipeline for Security Testing

25 vulnerabilities. 15 challenges. 22 API endpoints. Every one mapped to the OWASP RAG Security Cheat Sheet (submitted, PR ). RAG Has an Attack Surface Nobody Is Testing in detail. Every enterprise AI chatbot, copilot, and knowledge assistant uses Retrieval-Augmented Generation (RAG). Documents go in. Answers come out. Between those two steps is an attack surface that most teams have never tested. Document poisoning. Cross-tenant data leakage. Embedding inversion. Cache poisoning. Prompt injection via retrieved content. Tool execution from model output. None of these are theoretical.