medium · experimental · Linux · OCI · T1565.001

Linux Agent Modifying Vector Database Files

Detects AI agent processes directly modifying vector database files used for RAG (Retrieval Augmented Generation) memory, which may indicate deliberate poisoning of the agent's knowledge retrieval layer.

Updated Jan 10, 2025 · OCI AI Security Team

agentic-ai · memory-poisoning · vector-db · rag · linux · oci · owasp-asi06

Problem Statement

Vector databases store the knowledge that RAG-based agents retrieve to inform their responses. Poisoning these databases allows an attacker to inject false information, manipulate agent decision-making, or embed adversarial instructions that are retrieved and acted upon during future agent tasks.

Sample Logs

{"timestamp":"2025-01-10T09:50:00Z","computer_name":"oci-worker-27","user":"agent_svc","image":"/usr/bin/python3","target_filename":"/opt/agent/knowledge/docs.faiss","event_type":"ModifyFile"}

Required Fields

image
target_filename
user
computer_name

False Positives

  • Legitimate document ingestion pipelines that update vector indexes as new documents are added
  • Scheduled re-indexing jobs that rebuild vector stores from source documents

Tuning Guidance

Allowlist known indexing service accounts and scheduled ingestion jobs. Alert on modifications outside approved ingestion windows or from processes not in the approved indexing pipeline.
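
The tuning guidance above, applied as triage logic over the page's sample log and three constructed events. This is an added example, not the detection library's own rule; the allowlisted account `rag_ingest_svc`, the 01:00-03:00 UTC ingestion window, and the `.index`/`.hnsw` suffixes are assumptions.

```python
import json
from datetime import datetime, time, timezone

# Assumed values, not from the page: suffixes other than .faiss, the
# allowlisted (user, image) pair, and the 01:00-03:00 UTC ingestion window.
VECTOR_DB_SUFFIXES = (".faiss", ".index", ".hnsw")
ALLOWED_INDEXERS = {("rag_ingest_svc", "/usr/bin/python3")}
WINDOW_START, WINDOW_END = time(1, 0), time(3, 0)
REQUIRED = ("image", "target_filename", "user", "computer_name")

def evaluate(event):
    """Return an alert reason, or None if the event should not alert."""
    if any(not event.get(f) for f in REQUIRED) or event.get("event_type") != "ModifyFile":
        return None  # required fields missing, or not a file modification
    if not event["target_filename"].lower().endswith(VECTOR_DB_SUFFIXES):
        return None
    if (event["user"], event["image"]) not in ALLOWED_INDEXERS:
        return "writer not in approved indexing pipeline"
    try:
        ts = datetime.fromisoformat(event["timestamp"].replace("Z", "+00:00"))
    except (KeyError, ValueError, AttributeError):
        return "approved indexer, but timestamp missing or unparseable"
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)  # assume UTC when no offset given
    if not WINDOW_START <= ts.astimezone(timezone.utc).time() < WINDOW_END:
        return "approved indexer writing outside ingestion window"
    return None

def triage(lines):
    """Evaluate JSON log lines; return (computer_name, user, reason) alerts."""
    alerts = []
    for event in map(json.loads, lines):
        reason = evaluate(event)
        if reason:
            alerts.append((event["computer_name"], event["user"], reason))
    return alerts

# First line is the page's sample log; the other three are constructed.
SAMPLE_LINES = [
    '{"timestamp":"2025-01-10T09:50:00Z","computer_name":"oci-worker-27","user":"agent_svc","image":"/usr/bin/python3","target_filename":"/opt/agent/knowledge/docs.faiss","event_type":"ModifyFile"}',
    '{"timestamp":"2025-01-10T02:10:00Z","computer_name":"oci-worker-27","user":"rag_ingest_svc","image":"/usr/bin/python3","target_filename":"/opt/agent/knowledge/docs.faiss","event_type":"ModifyFile"}',
    '{"timestamp":"2025-01-10T14:30:00Z","computer_name":"oci-worker-27","user":"rag_ingest_svc","image":"/usr/bin/python3","target_filename":"/opt/agent/knowledge/docs.faiss","event_type":"ModifyFile"}',
    '{"timestamp":"2025-01-10T09:51:00Z","computer_name":"oci-worker-27","user":"agent_svc","image":"/usr/bin/python3","target_filename":"/opt/agent/logs/run.log","event_type":"ModifyFile"}',
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_LINES):
        print(alert)
```

Matching on the (user, image) pair rather than the account alone keeps an allowlisted service account from suppressing alerts when it writes through an unexpected binary.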