paper

Retrieval Pivot Attacks in Hybrid RAG: Measuring and Mitigating Amplified Leakage from Vector Seeds to Graph Expansion

Scott Thornton · Feb 9, 2026

The scare statistic: roughly 95% of benign queries leaked cross-tenant data in a hybrid RAG corpus, not from attackers but from organic entity connections. A shared employee name or supplier is a bridge between two customers' documents, and graph expansion walks straight across it. Read before designing anything customer-facing; the fix (authorisation enforced at the graph-expansion boundary) is cheap, but only if you know you need it.

← Back to sources