documentation/README.md (11 additions & 11 deletions)
@@ -2,7 +2,7 @@ MemorAIs
2
2
====================
3
3
*Your data, remembered. Your questions, answered.*
4
4
5
-
MemorAIs is a full-fledged chat app to interact with a capable language model. It employs a Retrieval-Augmented Generation (RAG) pipeline to provide a more accurate and contextually relevant response.
5
+
MemorAIs is a full-fledged chat app to interact with a capable language model. It employs a Retrieval-Augmented Generation (RAG) pipeline to provide more accurate responses, taking into account context uploaded by the user (so called **memories**).
6
6
Further, memorAIs acts as an Model Context Protocol (MCP) host, to enable users agents to access the users' chat history with the language model.
7
7
This AI-native application emphasizes user privacy and data security, ensuring that sensitive information is handled with care.
8
8
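Review bot: the rewritten line 5 writes "so called **memories**" while the Background section later in this same file (line 72) uses the hyphenated "so-called"; use "so-called" here as well, since "memories" is the term the rest of the README builds on. While in this paragraph, the unchanged context line 6 reads "acts as an Model Context Protocol (MCP) host, to enable users agents to access the users' chat history" and should be "acts as a Model Context Protocol (MCP) host to enable users' agents to access the users' chat history with the language model".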
@@ -56,10 +56,10 @@ Via MCP the chat messages, for a given chat session ID, can be accessed for exam
56
56
MemorAIs is built using microservices which include:
57
57
-**Backend**: ASP.NET Core 9.0
58
58
-**Frontend**: React.js, serving a single-page application (SPA)
59
-
-**Proxy**: Nginx Reverse Proxy serves the frontend and proxies backend (running in frontend container)
60
-
-**Database**: MariaDB to store relational data like user accounts, chat sessions and text representations of memories
61
-
-**Vector Database**: Qdrant for storing and searching embeddings of memories (context)
62
-
-**LM Runtime**: Ollama for hosting and running the language model (LM)
59
+
-**Proxy**: Nginx Reverse Proxy (running in frontend container) serves the frontend and proxies the backend
60
+
-**Database**: MariaDB to store relational data like user accounts, chat sessions and textual representations of memories (context)
61
+
-**Vector Database**: Qdrant for storing and searching the embeddings of memories
62
+
-**LM Runtime**: Ollama for hosting and running the language model (SmolLM 135M)
63
63
-**Cleanup**: A cleanup service that periodically removes old data from the database and vector database
64
64
65
65
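Review bot: the Cleanup entry on context line 63 still says the service "periodically removes old data" without stating the retention window or which data counts as old; because the introduction's privacy and data-security statement rests on this behaviour, name the interval and the affected stores (MariaDB rows for chat sessions and memories, and the matching Qdrant embeddings) right in that line. Separately, the new LM Runtime line pins the model to SmolLM 135M, so the introduction's "a capable language model" could name the same model to avoid two descriptions of one component.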
@@ -69,13 +69,13 @@ In memorAIs are two vulnerabilities implemented.
69
69
## Embedding Inversion Attack
70
70
### Background
71
71
Embeddings are a common way to represent text in a vector, allowing models to understand and process language.
72
-
A Retrieval-Augmented Generation pipeline is assembled by first encoding documents into embeddings using an
72
+
A Retrieval-Augmented Generation pipeline is assembled by first encoding given text (here: so-called memories) into embeddings using an
73
73
embedding model and storing them in a vector database for efficient retrieval. At query time, the user’s question
74
-
is embedded, similar vectors are retrieved from the database, and those results are passed to an LLM to generate a
74
+
is embedded, similar vectors are retrieved from the database with their textual representation, and those results are passed to an LLM to generate a
75
75
context-aware response.
76
76
77
77
This attack vector is designed to mimic a genuine embedding-inversion attack.
78
-
Classic inversion attacks reconstruct portions of a sentence by training a model to reverse its embedding vector,
78
+
Classic inversion attacks reconstruct portions of a sentence by training a model to reverse the embedding vector,
79
79
an approach that depends on each word’s semantic meaning being preserved in the embedding space.
80
80
81
81
Since flags, in contrast, are random character strings with no inherent semantics and have to be fully and with high accuracy recovered from the embeddings,
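Review bot: the rewritten line 74 now says similar vectors are retrieved "with their textual representation", but the paragraph never states that the raw embedding vector (and its norm) is returned to the caller alongside the text, which is exactly the property the inversion described further down depends on (the flowchart steps "retrieve vector and norm" and "Un-normalize embedding vector by multiplying with norm"); add that sentence here so a reader sees why a retrieval endpoint that returned only the text would not be exposed in the same way. Minor wording on the unchanged line 81: "have to be fully and with high accuracy recovered from the embeddings" reads awkwardly; suggest "have to be recovered from the embeddings completely and with high accuracy".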
@@ -92,11 +92,11 @@ The flag can then be reconstructed.
92
92
flowchart TD
93
93
A["Get flag hint session ID"] --> B["Register an attacker user"]
94
94
B --> C["Login as attacker"]
95
-
C --> D["Import shared session containing flag embeddings"]
95
+
C --> D["Import shared session containing flag embeddings by it's ID"]
96
96
D --> E["Create search query with flag-alike characters"]
97
-
E --> F["Find documents in the chat session embedding collection"]
97
+
E --> F["Search for similar entities in the chat session <br/> and retrieve vector and norm"]
98
98
F --> G["Build character embedding lookup table<br/>by embedding all possible flag characters"]
99
-
G --> H["For each found document"]
99
+
G --> H["For each found entities"]
100
100
H --> I["Extract embedding vector and norm"]
101
101
I --> J["Un-normalize embedding vector<br/>by multiplying with norm"]
102
102
J --> K["Reconstruct character by character<br/>using nearest neighbor matching"]
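Review bot: two typos in the added labels: line 95 "Import shared session containing flag embeddings by it's ID" should read "by its ID", and line 99 "For each found entities" should read "For each found entity" (matching the singular steps that follow it). Also, the new line 97 is now the only place in the diagram that says what the search step returns ("retrieve vector and norm"); since lines 100 and 101 depend on having that raw vector and norm, consider a one-line note under the chart stating that the character-by-character reconstruction is possible only because the endpoint exposes them, which is the fact a reader evaluating the mitigation needs.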