RAG Security Survey seeks field reports

This reads like a useful field-gathering exercise, not a product launch, and the topic is timely because RAG security failures tend to show up only after teams go live.

• –The survey targets the right failure modes: access control gaps, prompt injection, poisoning, retrieval weirdness, and stale or sensitive data resurfacing after deletion
• –It is especially relevant for teams using multi-step or agentic RAG, where each additional hop expands the attack surface
• –The focus on anonymous, aggregated responses should lower the barrier for practitioners to share uncomfortable incidents
• –If the researcher gets enough responses, the results could be more actionable than the usual abstract “RAG is insecure” takes
• –The main limitation is selection bias: respondents will likely skew toward security-conscious builders and more painful incidents