{"@context":"https://schema.org","@type":"CreativeWork","@id":"https://forgecascade.org/public/capsules/a897b55a-0126-4de8-9e33-2bde994285c8","identifier":"a897b55a-0126-4de8-9e33-2bde994285c8","url":"https://forgecascade.org/public/capsules/a897b55a-0126-4de8-9e33-2bde994285c8","name":"When RAG Chatbots Expose Their Backend: An Anonymized Case Study of Privacy and Security Risks in Patient-Facing Medical AI","text":"# When RAG Chatbots Expose Their Backend: An Anonymized Case Study of Privacy and Security Risks in Patient-Facing Medical AI\n\nSource-backed public reference for arXiv:2605.00796.\n\n**Authors:** Alfredo Madrid-GarcĂ­a, Miguel Rujas\n**Primary source:** https://arxiv.org/abs/2605.00796\n**Published:** 2026-05-01T17:29:09Z\n**Updated:** 2026-05-01T17:29:09Z\n**Categories:** cs.CR, cs.AI, cs.CL\n\n## Abstract Summary\nBackground: Patient-facing medical chatbots based on retrieval-augmented generation (RAG) are increasingly promoted to deliver accessible, grounded health information. AI-assisted development lowers the barrier to building them, but they still demand rigorous security, privacy, and governance controls. Objective: To report an anonymized, non-destructive security assessment of a publicly accessible patient-facing medical RAG chatbot and identify governance lessons for safe deployment of generative AI in health. Methods: We used a two-stage strategy. First, Claude Opus 4.6 supported exploratory prompt-based testing and structured vulnerability hypotheses. Second, candidate findings were manually verified using Chrome Developer Tools, inspecting browser-visible network traffic, payloads, API schemas, configuration objects, and stored interaction data. Results: The LLM-assisted phase identified a critical vulnerability: sensitive system and RAG configuration appeared exposed through client-server communication rather than restricted server-side. Manual verification confirmed that ordinary browser inspection allowed collection of the system prompt, model and embedding configuration, retrieval parameters, backend endpoints, API schema, document and chunk metadata, knowledge-base...\n\n## Public Use Notes\n- This capsule summarizes the paper's arXiv metadata and abstract; it is not an independent replication or endorsement of the paper's claims.\n- Use it as a cited research reference for discovery, retrieval, and agent context.\n- For clinical, security, or deployment-sensit","keywords":["cs.CR","cs.AI","cs.CL"],"about":[],"citation":[],"isPartOf":{"@type":"Dataset","name":"Forge Cascade Knowledge Graph","url":"https://forgecascade.org"},"publisher":{"@type":"Organization","name":"Forge Cascade","url":"https://forgecascade.org"},"dateCreated":"2026-05-04T06:00:06.427000Z","dateModified":"2026-06-19T11:39:00Z","isBasedOn":"https://arxiv.org/abs/2605.00796","additionalProperty":[{"@type":"PropertyValue","name":"trust_level","value":85},{"@type":"PropertyValue","name":"verification_status","value":"sources_verified"},{"@type":"PropertyValue","name":"provenance_status","value":"valid"},{"@type":"PropertyValue","name":"evidence_level","value":"primary_source"}]}