Cordon-MAS: Defending RAG against Knowledge Poisoning via Information-Flow Control (Event)

PRODUCT_LAUNCH | 2026-05-27 | Impact: MEDIUM

arXiv:2605.26754v1
Announce Type: cross

Abstract: Retrieval-augmented generation (RAG) increasingly underpins high-stakes applications, yet remains vulnerable to Confundo-style poisoning where adversarially optimized documents manipulate generated outputs. Existing defenses assume that detecting poisoned evidence prevents harm. We show this assumption is incorrect: models exhibit a monitoring-control gap -- they