The Good and The Bad: Exploring Privacy Issues in Retrieval-Augmented Generation (RAG)
It addresses privacy risks for builders of LLMs and RAG systems, though it is incremental in exploring specific vulnerabilities.
This paper investigates privacy issues in retrieval-augmented generation (RAG) systems, finding that they can leak private retrieval data through novel attacks but also mitigate leakage of LLM training data.
Retrieval-augmented generation (RAG) is a powerful technique to facilitate language model with proprietary and private data, where data privacy is a pivotal concern. Whereas extensive research has demonstrated the privacy risks of large language models (LLMs), the RAG technique could potentially reshape the inherent behaviors of LLM generation, posing new privacy issues that are currently under-explored. In this work, we conduct extensive empirical studies with novel attack methods, which demonstrate the vulnerability of RAG systems on leaking the private retrieval database. Despite the new risk brought by RAG on the retrieval data, we further reveal that RAG can mitigate the leakage of the LLMs' training data. Overall, we provide new insights in this paper for privacy protection of retrieval-augmented LLMs, which benefit both LLMs and RAG systems builders. Our code is available at https://github.com/phycholosogy/RAG-privacy.