
Master's Thesis Andreea Bodea

Last modified May 9

Privacy Issues and Privacy-preserving Mechanisms in Retrieval-Augmented Generation Systems

Abstract: 

This master’s thesis addresses the increasing data privacy concerns arising from the proliferation of Retrieval-Augmented Generation (RAG) systems, which enhance Large Language Models (LLMs) by integrating external, potentially sensitive knowledge bases. While coupling LLMs with domain-specific data improves response accuracy and relevance, it also introduces inherent risks of privacy violations. To understand and unify the growing body of research in this area, this study conducts a systematic literature review of 56 recent works focusing on privacy in RAG systems. The research systematizes the identified privacy risks into a comprehensive framework, categorizing them into leakage (e.g., data and prompt leakage) and adversarial manipulation (e.g., data extraction/poisoning, membership inference, prompt extraction/injection, and jailbreak attacks). Furthermore, the study maps these risks to a variety of proposed privacy-preserving techniques, creating a Taxonomy of RAG Privacy Risks and Mitigations. To provide a dynamic understanding of these issues, the thesis introduces a RAG Privacy Process Diagram that visualizes where risks emerge and where mitigations can be applied across the RAG pipeline. To further explore the practical implications of privacy-preserving measures, this work includes a case study on techniques aimed at mitigating dataset leakage. The empirical investigation evaluates the privacy-utility trade-off observed in RAG system responses when applying state-of-the-art anonymization and differential privacy-based paraphrasing methods early in the RAG pipeline, directly at the dataset level. The findings highlight the complexity of balancing privacy protection with maintaining the effectiveness of RAG applications. 
Ultimately, this research delivers the first comprehensive systematization of privacy risks and mitigation strategies specifically for RAG systems, providing a unified overview for researchers and practitioners and underscoring crucial considerations for building privacy-aware RAG applications. A public repository of the surveyed papers, code, and a web application, titled GuardRAG, accompanies this work to facilitate reproducibility and further research.
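The dataset-level case study described above, as an added toy illustration (example code, not from the thesis or its GuardRAG repository): PII in a constructed knowledge base is replaced by typed placeholders before indexing, and the same queries are run against the raw and the anonymized corpus to compare retrieval utility with PII leakage in the retrieved context. Token overlap stands in for embedding similarity and regex placeholder substitution for the anonymization and differential-privacy paraphrasing methods the thesis evaluates; documents, patterns and queries are all constructed.

```python
import re

# Constructed toy knowledge base with PII (not data from the thesis).
DOCS = [
    "John Smith (email john.smith@example.com) reports a migraine after screen use.",
    "Maria Lopez, phone 555-0143, was prescribed ibuprofen for knee pain.",
    "Routine checkup: blood pressure normal, no medication changes.",
]

# Constructed queries with the index of the document that should be retrieved.
# The last two depend on a person's name, which anonymization removes.
QUERIES = [
    ("migraine after screen use", 0),
    ("ibuprofen for knee pain", 1),
    ("John Smith migraine", 0),
    ("Maria Lopez medication", 1),
]

# Simplified PII detectors; real systems would use an NER-based anonymizer.
PII_PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    "PHONE": re.compile(r"\b\d{3}-\d{4}\b"),
    "NAME": re.compile(r"\b[A-Z][a-z]+ [A-Z][a-z]+\b"),
}

def anonymize(text):
    """Dataset-level mitigation: replace PII spans with typed placeholders before indexing."""
    for label, pat in PII_PATTERNS.items():
        text = pat.sub(f"[{label}]", text)
    return text

def tokens(text):
    return set(re.findall(r"[a-z0-9]+", text.lower()))

def retrieve(query, corpus):
    """Return the index of the best document by token overlap (stand-in for embeddings)."""
    q = tokens(query)
    return max(range(len(corpus)), key=lambda i: len(q & tokens(corpus[i])))

def contains_pii(text):
    return any(pat.search(text) for pat in PII_PATTERNS.values())

def evaluate(corpus, queries):
    """Return (utility, leakage): share of queries whose top hit is the expected
    document, and share of retrieved contexts that still contain raw PII."""
    hits = leaks = 0
    for query, expected in queries:
        idx = retrieve(query, corpus)
        hits += idx == expected
        leaks += contains_pii(corpus[idx])
    return hits / len(queries), leaks / len(queries)

if __name__ == "__main__":
    print("raw corpus        (utility, leakage):", evaluate(DOCS, QUERIES))
    print("anonymized corpus (utility, leakage):", evaluate([anonymize(d) for d in DOCS], QUERIES))
```

The anonymized corpus drops leakage to zero but loses the query that relied on a person's name, which is the privacy-utility trade-off the case study measures.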


Research Questions:

1. What are the privacy-related issues in RAG systems and how can one systematize them?

2. What privacy-preserving mechanisms can be implemented in RAG systems to mitigate the privacy-related issues and how can one systematize them?

3. What are the trade-offs between privacy guarantees and the performance of the RAG systems when implementing privacy-preserving mechanisms?
