safety
75
Document poisoning in RAG systems: How attackers corrupt AI's sources
aminrj.com · 10 days ago

A security researcher demonstrates how attackers can "poison" documents in RAG (Retrieval-Augmented Generation) systems to corrupt AI responses. The attack achieves a 95% success rate in controlled conditions by injecting malicious documents that dominate the retrieval results and so displace legitimate sources in the model's context. While the demonstration uses a small 5-document corpus, the researcher notes that the same mechanism scales to larger systems given a proportionally larger number of poisoned documents. This represents a practical vulnerability in AI systems that rely on external document retrieval.
Tags: RAG, document poisoning, AI security, retrieval systems, adversarial attacks, information integrity