March 8, 2026 | Open Access

Nokast-SecureRAG: An Open-Source Framework for Trusted Local AI via SLM-Driven Defense

Key Points

Aims to mitigate security risks in local AI systems through a defense framework targeting indirect prompt injection and retrieval poisoning.
Proposes a small language model (SLM) of roughly 1-4B parameters as a defense layer against these threats.
Uses semantic context consistency to detect instruction-like content that is misaligned with user intent.
Presents a conceptual architecture designed for local hardware and privacy-focused settings.
Identifies and surveys security threats to local AI systems stemming from retrieval-augmented generation.
Outlines a novel framework intended to enhance security and prevent unauthorized data manipulation in AI assistants.
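
As a rough feasibility check on the parameter range above, the following sketch estimates the memory needed just to hold the SLM's weights and compares it with the 16 GB VRAM figure stated in the abstract. The precision options and the helper name `weight_memory_gb` are illustrative assumptions, not values taken from the paper. The estimate also ignores the KV cache, activations, and the generator LLM that would share the same device.

```python
# Weights-only memory estimate for a small language model.
# Assumption: bytes per parameter for common precisions (not specified by the paper).
BYTES_PER_PARAM = {"fp16": 2.0, "int8": 1.0, "int4": 0.5}

VRAM_BUDGET_GB = 16.0  # figure quoted in the abstract, treated here as decimal GB


def weight_memory_gb(params_billion: float, precision: str) -> float:
    """Return the weights-only footprint in GB (10^9 bytes).

    Excludes KV cache, activations, and any co-resident generator model.
    """
    return params_billion * BYTES_PER_PARAM[precision]


if __name__ == "__main__":
    for size in (1.0, 4.0):
        for precision in BYTES_PER_PARAM:
            gb = weight_memory_gb(size, precision)
            share = gb / VRAM_BUDGET_GB
            print(f"{size:.0f}B @ {precision}: {gb:.1f} GB ({share:.0%} of budget)")
```

Under these assumptions, a 4B-parameter model at 16-bit precision would take about half of the budget for weights alone. Quantization is therefore likely to matter if the generator runs on the same GPU.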

Abstract

Local Retrieval-Augmented Generation (RAG) systems enable powerful AI assistants to operate over private data, but they inherit security risks such as Indirect Prompt Injection (IPI) and retrieval poisoning. Nokast-SecureRAG proposes a ~1-4B-parameter SLM as a context-aware defense layer between the retriever and the generator, using Semantic Context Consistency to detect instruction-like content that is misaligned with user intent. The framework is designed for local hardware (16 GB VRAM), privacy-first deployments, and LLM-agnostic integration. This conceptual white paper outlines the problem, surveys known threats (Greshake'23, AgentPoison'24), presents the architecture, and specifies a plan for future evaluation. All claims are framed as hypotheses.
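
To make the placement of the defense layer concrete, here is a minimal sketch of a filter that sits between retriever and generator. It is not the paper's implementation: the paper proposes an SLM as the judge, whereas this sketch substitutes a regex and token-overlap heuristic so that it runs without a model. All names (`Verdict`, `heuristic_judge`, `filter_context`), the patterns, and the stopword list are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Callable, List, Set

# Hypothetical patterns for "instruction-like" text; the paper does not list any.
INSTRUCTION_PATTERNS = [
    r"\bignore (all |any )?(previous|prior) instructions\b",
    r"\bdisregard\b",
    r"\byou must\b",
]

# Small illustrative stopword list so that overlap reflects content words only.
STOPWORDS = {"a", "an", "the", "is", "are", "what", "for", "to", "and", "of", "you", "must"}


@dataclass
class Verdict:
    passage: str
    instruction_like: bool
    aligned_with_query: bool

    @property
    def allowed(self) -> bool:
        # Block only passages that are instruction-like AND unrelated to the query.
        return not (self.instruction_like and not self.aligned_with_query)


def _content_tokens(text: str) -> Set[str]:
    return set(re.findall(r"[a-z0-9]+", text.lower())) - STOPWORDS


def heuristic_judge(query: str, passage: str) -> Verdict:
    """Stand-in for the SLM judge (assumption: a real system would call a model here)."""
    lowered = passage.lower()
    instruction_like = any(re.search(p, lowered) for p in INSTRUCTION_PATTERNS)
    aligned = bool(_content_tokens(query) & _content_tokens(passage))
    return Verdict(passage, instruction_like, aligned)


def filter_context(
    query: str,
    passages: List[str],
    judge: Callable[[str, str], Verdict] = heuristic_judge,
) -> List[str]:
    """Return only the retrieved passages that the judge allows through to the generator."""
    return [v.passage for v in (judge(query, p) for p in passages) if v.allowed]
```

Because the judge is passed in as a callable, the heuristic could in principle be swapped for a call to a local SLM without changing the retriever or the generator. This mirrors the LLM-agnostic integration the abstract describes, though the paper's actual interface may differ.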
