Lesson 8 · 18 min
Capstone: security audit of a production RAG system
Apply the full security framework to a realistic production system: a document Q&A RAG application with tool-use capabilities. Find the vulnerabilities, propose fixes, and build the security regression test suite.
The target system
A legal research assistant used by a law firm:
- RAG knowledge base: 10,000 legal documents, case law, and firm precedents — partially crawled from public legal databases
- Tools: document_search (read-only), draft_email (sends to pre-approved recipients), update_case_notes (write to internal case management system), calendar_schedule (creates calendar events)
- Users: lawyers and paralegals who paste in client documents for analysis
- System prompt contains: the firm's billing rates, confidential client matter numbers, instructions for handling privileged information
Five vulnerabilities have been planted. Identify them.
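Before hunting for the planted issues, it helps to have a place to put findings. As an added example (not course code, and not a hint at the planted vulnerabilities), here is a minimal tool-call policy gate plus the regression cases that would pin its behaviour down; the tool names are the lesson's, while the recipient allowlist, argument shapes and context-provenance labels are assumptions.

```python
"""Added example: tool-call policy gate and regression cases for the legal
research assistant described above. Tool names come from the lesson; the
allowlist, argument shapes and provenance labels are assumptions."""
from dataclasses import dataclass, field

# Assumed pre-approved recipient list for draft_email (the lesson says one exists).
APPROVED_RECIPIENTS = {"partner@firm.example", "paralegal@firm.example"}

# Least privilege: read-only tools may run in any context; side-effecting
# tools may only be driven by the user's own turn, never by text that came
# from retrieved (crawled) documents or pasted client files.
READ_ONLY_TOOLS = {"document_search"}
SIDE_EFFECT_TOOLS = {"draft_email", "update_case_notes", "calendar_schedule"}


@dataclass
class ToolCall:
    name: str
    args: dict
    # Assumed provenance labels for the context that produced this call,
    # e.g. {"user"}, {"user", "retrieved"}, {"user", "pasted"}.
    context_sources: set = field(default_factory=set)


@dataclass
class Decision:
    allowed: bool
    reason: str


def evaluate(call: ToolCall) -> Decision:
    """Decide whether a tool call may execute; run before the tool is invoked."""
    if call.name not in READ_ONLY_TOOLS | SIDE_EFFECT_TOOLS:
        return Decision(False, f"unknown tool {call.name!r}")
    if call.name in SIDE_EFFECT_TOOLS and call.context_sources - {"user"}:
        return Decision(False, "side-effect tool requested from untrusted context")
    if call.name == "draft_email":
        unapproved = set(call.args.get("to", [])) - APPROVED_RECIPIENTS
        if unapproved:
            return Decision(False, f"recipients not pre-approved: {sorted(unapproved)}")
    return Decision(True, "ok")


def regression_suite() -> list:
    """Constructed cases; returns the allow/deny outcome for each in order."""
    cases = [
        ToolCall("document_search", {"query": "lease precedent"}, {"user", "retrieved"}),
        ToolCall("draft_email", {"to": ["partner@firm.example"]}, {"user"}),
        ToolCall("draft_email", {"to": ["unknown@outside.example"]}, {"user"}),
        ToolCall("update_case_notes", {"note": "summary"}, {"user", "pasted"}),
    ]
    return [evaluate(c).allowed for c in cases]
```

Each case in `regression_suite` is the kind of assertion that should stay red until the corresponding fix lands, and green forever after.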