arXiv: GraphSteal: Structural Knowledge Stealing from Graph RAG via Traversal Reconstruction

A new research paper, GraphSteal, published on arXiv, demonstrates a novel method for extracting the structural knowledge embedded within Graph-based Retrieval-Augmented Generation (RAG) systems. This attack, called traversal reconstruction, allows an adversary to infer the underlying graph topology and relationships that a model uses to generate answers, effectively stealing the proprietary knowledge graph without direct access. The paper highlights a significant vulnerability in how these systems expose their internal data structures through normal query interactions.

This regulatory change primarily affects organizations deploying Graph RAG systems in high-risk or regulated sectors, including financial services, healthcare, legal tech, and any EU entity subject to the AI Act or GDPR. Companies using these systems for sensitive tasks like fraud detection, medical diagnosis, or legal research are at risk, as the stolen graph could reveal confidential business logic, trade secrets, or personal data patterns. The attack undermines the confidentiality and integrity requirements under Article 5 of the AI Act for high-risk AI systems.

Compliance teams should immediately conduct a risk assessment of any Graph RAG deployments, focusing on whether their graph structure could be reverse-engineered through normal API queries. They must review data protection impact assessments to ensure that graph-level knowledge is classified as sensitive business information. Next, implement query rate limiting, output perturbation, and graph obfuscation techniques to mitigate traversal attacks. Finally, update internal AI governance policies to require security testing for structural knowledge leakage before deploying any RAG system in production.