RAG Credential Harvesting
Tactic: Credential Access
This technique has been demonstrated in research or controlled environments.
Adversaries may attempt to use their access to a large language model (LLM) on the victim's system to collect credentials. Credentials may be stored in internal documents which can inadvertently be ingested into a RAG database, where they can ultimately be retrieved by an AI agent.