Cisco Open Sources RAG Security Scanner for Adversarial Hub Detection

Cisco released open source security scanner 'Adversarial Hub Detector' for auditing vector index vulnerabilities in RAG systems. Uses four complementary detectors: median/MAD-based hub detection, normalized Shannon entropy cluster analysis, stability testing, and domain/modality-aware detection.

Targets 'adversarial hub' attacks where manipulated document embeddings create 'gravity wells' that dominate retrieval results. Real-world cases include single documents misleading Microsoft 365 Copilot.