T12-AT-015MEDIUM

Metadata Exploitation

T12 · RAG & Knowledge Base Manipulation →

Risk score190

RatingMedium

Procedures10

Severity

Mechanism

Document metadata (author, creation date, content-type, access control lists, source URL, confidence scores) influences retrieval ranking, filtering, and the LLM's trust weighting of retrieved content. Metadata exploitation manipulates these fields to affect how documents are processed, ranked, and trusted without modifying the document content itself. The assumption violated is that metadata is a faithful descriptor of the document — in practice, metadata is often author-supplied, unverified, and mutable.

Detection

Validate metadata against document content (content-type, encoding, language)
Monitor metadata changes independently of content changes
Verify ACL metadata against the authorization system
Observable signal: documents with metadata inconsistent with their content or ingestion source

Mitigation

Server-side metadata generationHIGH

Metadata validation on ingestionHIGH

ACL metadata separationHIGH

Metadata sanitizationMEDIUM

Chaining

Metadata exploitation amplifies all other T12 techniques: timestamp manipulation feeds T12-AT-009, authorship spoofing feeds T12-AT-008, ACL manipulation feeds T12-AT-011 (Cross-Collection). Metadata-based ranking manipulation feeds T12-AT-002 (Retrieval Manipulation).

Framework mapping

OWASP LLMLLM08

MITRE ATLASAML.T0043

Open in the technique browser →