Research framework for executing and evaluating knowledge corruption (poisoning) attacks against Retrieval-Augmented Generation (RAG) systems.
Defensibility
stars: 254
forks: 45
PoisonedRAG is a high-quality academic artifact accepted at USENIX Security 2025, which provides it with significant credibility in the security research community. With 254 stars and 45 forks, it has established itself as a foundational reference for RAG-specific vulnerabilities. The defensibility score of 5 reflects its status as a leading research project; while it lacks a commercial moat or network effects, its methodology is the baseline against which future RAG security tools will be measured. Frontier labs (OpenAI, Anthropic) are unlikely to prioritize building specific RAG poisoning tools as they focus on model-level alignment, though they may eventually incorporate its findings into broad safety guardrails. The primary risk comes from consolidation in the AI red-teaming market; tools like Microsoft's PyRIT or Garak are likely to absorb these specific attack vectors into larger, more comprehensive security suites. The displacement horizon is set at 1-2 years, as the industry moves from manual research scripts to automated security scanning for RAG pipelines.
TECH STACK
INTEGRATION: reference_implementation
READINESS