@inproceedings{zeng-etal-2025-rag,
    title = "{S}-{RAG}: A Novel Audit Framework for Detecting Unauthorized Use of Personal Data in {RAG} Systems",
    author = "Zeng, Zhirui  and
      Liu, Jiamou  and
      Chiang, Meng-Fen  and
      He, Jialing  and
      Zhang, Zijian",
    editor = "Che, Wanxiang  and
      Nabende, Joyce  and
      Shutova, Ekaterina  and
      Pilehvar, Mohammad Taher",
    booktitle = "Proceedings of the 63rd Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers)",
    month = jul,
    year = "2025",
    address = "Vienna, Austria",
    publisher = "Association for Computational Linguistics",
    url = "https://preview.aclanthology.org/ingestion-acl-25/2025.acl-long.512/",
    pages = "10375--10385",
    ISBN = "979-8-89176-251-0",
    abstract = "Retrieval-Augmented Generation (RAG) systems combine external data retrieval with text generation and have become essential in applications requiring accurate and context-specific responses. However, their reliance on external data raises critical concerns about unauthorized collection and usage of personal information. To ensure compliance with data protection regulations like GDPR and detect improper use of data, we propose the Shadow RAG Auditing Data Provenance (S-RAG) framework. S-RAG enables users to determine whether their textual data has been utilized in RAG systems, even in black-box settings with no prior system knowledge. It is effective across open-source and closed-source RAG systems and resilient to defense strategies. Experiments demonstrate that S-RAG achieves an improvement in Accuracy by 19.9{\%} (compared to the best baseline), while maintaining strong performance under adversarial defenses. Furthermore, we analyze how the auditor{'}s knowledge of the target system affects performance, offering practical insights for privacy-preserving AI systems. Our code is open-sourced online."
}