Search papers, labs, and topics across Lattice.
This paper introduces SentinelRAG, a novel watermarking framework designed to protect proprietary RAG databases from unauthorized redistribution by embedding style-consistent fictitious knowledge entries. The approach leverages synthetic knowledge that is unlikely to be retrieved through legitimate queries but can be activated by targeted probes known only to the data owner. Experimental results across four datasets show that SentinelRAG achieves a statistically significant detection rate with a mere 0.1% injection rate, significantly reducing false detection while preserving the integrity of legitimate queries.
Fictitious knowledge entries can safeguard RAG databases without compromising query integrity, achieving high detection rates with minimal interference.
Protecting proprietary RAG databases from unauthorized redistribution is challenging: existing watermarking methods either inject fabricated relations between real entities, polluting the knowledge base with misinformation, or embed fragile lexical patterns that adversarial paraphrasing easily removes. We propose SentinelRAG, a watermarking framework that embeds style-consistent but fictitious knowledge entries into the RAG database. Our key insight is that synthetic knowledge describing fictitious entities is unlikely to be retrieved by legitimate queries, yet can be reliably triggered through targeted probes known only to the data owner. Experiments on four datasets ranging from 2.9k to 8.8M documents demonstrate that SentinelRAG achieves statistically significant detection $p < 10^{-5}$ across all tested configurations at only a 0.1% injection rate. Compared to the state-of-the-art, our method significantly reduces the false detection rate while maintaining negligible interference with legitimate user queries.
