@inproceedings{859cad5397234ac68c07f2c6b454d116,
title = "S-RAG: A Novel Audit Framework for Detecting Unauthorized Use of Personal Data in RAG Systems",
abstract = "Retrieval-Augmented Generation (RAG) systems combine external data retrieval with text generation and have become essential in applications requiring accurate and context-specific responses. However, their reliance on external data raises critical concerns about unauthorized collection and usage of personal information. To ensure compliance with data protection regulations like GDPR and detect improper use of data, we propose the Shadow RAG Auditing Data Provenance (S-RAG) framework. S-RAG enables users to determine whether their textual data has been utilized in RAG systems, even in black-box settings with no prior system knowledge. It is effective across open-source and closed-source RAG systems and resilient to defense strategies. Experiments demonstrate that S-RAG achieves an improvement in Accuracy by 19.9\% (compared to the best baseline), while maintaining strong performance under adversarial defenses. Furthermore, we analyze how the auditor's knowledge of the target system affects performance, offering practical insights for privacy-preserving AI systems. Our code is open-sourced online.",
author = "Zhirui Zeng and Jiamou Liu and Chiang, \{Meng Fen\} and Jialing He and Zijian Zhang",
note = "Publisher Copyright: {\textcopyright} 2025 Association for Computational Linguistics.; 63rd Annual Meeting of the Association for Computational Linguistics, ACL 2025 ; Conference date: 27-07-2025 Through 01-08-2025",
year = "2025",
doi = "10.18653/v1/2025.acl-long.512",
language = "English",
series = "Proceedings of the Annual Meeting of the Association for Computational Linguistics",
publisher = "Association for Computational Linguistics (ACL)",
pages = "10375--10385",
editor = "Wanxiang Che and Joyce Nabende and Ekaterina Shutova and Pilehvar, \{Mohammad Taher\}",
booktitle = "Long Papers",
address = "United States",
}