pip install raguard · npm install raguard

Your RAG Pipeline Has a Poisoning Problem

5 fake documents. That's all it takes to make your AI recommend whitelisting malware. RAGuard is the security layer that sits between your retriever and your LLM, catching Hallucination Propagation Chains before they do damage.

API Coming SoonSee It In Action
your_rag_app.py
from raguard import RAGuard

guard = RAGuard()
safe_docs = guard.filter(retrieved_docs, query="...")
# Poisoned documents never reach your LLM

Python & TypeScript SDKs · LangChain & LlamaIndex · Local or API mode

The Attack Nobody's Talking About

Adversarial Hallucination Engineering doesn't target your LLM. It targets the documents your LLM trusts. No jailbreak needed — just fake consensus.

STEP 1

Attacker Plants Fake Documents

Multiple documents containing the same false claim get injected into public wikis, web pages, or directly into your vector database.

STEP 2

Your Retriever Takes the Bait

The retriever pulls 5+ sources that all "agree" with each other. The LLM sees consensus and treats the lie as established fact.

STEP 3

Your AI Gives Dangerous Advice

"DarkNebula is safe — whitelist it." Research shows a 38% attack success rate with just 5 poisoned documents. Bigger models are more vulnerable.

RAGuard Catches This

Three detection engines — consensus clustering, semantic anomaly, and source reputation — analyze every retrieved document before it reaches your LLM. Poisoned clusters get flagged. Clean documents pass through.

Drop-In Integration. Zero Infrastructure.

RAGuard runs locally by default. No API key, no external calls, no data leaving your network. Add it in one line.

from raguard import RAGuard

guard = RAGuard()  # local mode, no API key needed
result = guard.scan(retrieved_docs, query=query)

if result.safe:
    # pass docs to your LLM
    ...
else:
    # result.flagged_documents tells you which ones to drop
    safe_docs = guard.filter(retrieved_docs, query=query)

Consensus Clustering

Detects Hallucination Propagation Chains — when multiple documents suspiciously agree with each other. Uses sentence embeddings, agglomerative clustering, and a weighted risk formula across 4 signals.

Semantic Anomaly

Isolation forest outlier detection, contradiction pattern matching, and coordinated injection detection. Catches documents that are statistically wrong for the context.

Source Reputation

Scores every document against 40+ trusted domains (NIST, CISA, MITRE, OWASP). Penalizes missing metadata, promotional language, and suspicious content patterns.

Pricing That Scales With You

Start with the free tier. Upgrade when your pipeline goes to production.

Free

$0forever

For side projects and evaluation

Scans: 1K / mo

Detectors: 3

Mode: Local

Support: Community

  • LangChain + LlamaIndex
  • Full offline mode
  • Basic dashboard
Coming Soon

Most Popular

Pro

$499/month

For production RAG pipelines

Scans: 10K / mo

Detectors: All

Mode: API + Local

Support: Priority

  • Cite-or-Silent enforcement
  • Usage dashboard & analytics
  • Source reputation tracking
  • Custom detection thresholds
Coming Soon

Enterprise

Custom

For regulated industries and SOCs

Scans: Unlimited

Detectors: All + Custom

Mode: On-prem

Support: Dedicated

  • SLA guarantee
  • Dedicated support engineer
  • Audit-ready compliance reports
  • Custom model training
Coming Soon

API Coming Soon

We're building the hosted API with free and pro tiers. In the meantime, run RAGuard locally with the SDK.

pip install raguard · npm install raguard