Publications

Securing RAG: A Risk Assessment and Mitigation Framework

Published in IEEE Swiss Conference on Data Science 2025, 2025

Retrieval Augmented Generation (RAG) has emerged as the de facto industry standard for user-facing NLP applications, offering the ability to integrate data without re-training or fine-tuning Large Language Models (LLMs). This capability enhances the quality and accuracy of responses but also introduces novel security and privacy challenges, particularly when sensitive data is integrated. With the rapid adoption of RAG, securing data and services has become a critical priority. This paper first reviews the vulnerabilities of RAG pipelines and outlines the attack surface from data pre-processing and data storage management to integration with LLMs. The identified risks are then paired with corresponding mitigations in a structured overview. In a second step, the paper develops a framework that combines RAG-specific security considerations with existing general security guidelines, industry standards, and best practices. The proposed framework aims to guide the implementation of robust, compliant, secure, and trustworthy RAG systems.

Recommended citation: Lukas Ammann, Sara Ott, Christoph R Landolt, Marco P Lehmann. (2025). "Securing RAG: A Risk Assessment and Mitigation Framework." IEEE Swiss Conference on Data Science 2025. 1(1). https://arxiv.org/abs/2505.08728

Multi-Agent Reinforcement Learning in Cybersecurity: From Fundamentals to Applications

Published in ICMCIS 2025 - International Conference on Military Communication and Information Systems, 2025

Multi-Agent Reinforcement Learning (MARL) has shown great potential as an adaptive solution for addressing modern cybersecurity challenges. MARL enables decentralized, adaptive, and collaborative defense strategies and provides an automated mechanism to combat dynamic, coordinated, and sophisticated threats. This survey investigates the current state of research in MARL applications for automated cyber defense (ACD), focusing on intruder detection and lateral movement containment. Additionally, it examines the role of Autonomous Intelligent Cyber-defense Agents (AICA) and Cyber Gyms in training and validating MARL agents. Finally, the paper outlines existing challenges, such as scalability and adversarial robustness, and proposes future research directions. The survey also discusses how MARL integrates into AICA to provide adaptive, scalable, and dynamic solutions to counter the increasingly sophisticated landscape of cyber threats. It highlights the transformative potential of MARL in areas like intrusion detection and lateral movement containment, and underscores the value of Cyber Gyms for the training and validation of AICA.

Recommended citation: Christoph R Landolt, Christoph Würsch, Roland Meier, Alain Mermoud, Julian Jang-Jaccard. (2025). "Multi-Agent Reinforcement Learning in Cybersecurity: From Fundamentals to Applications." ICMCIS 2025. 1(1). https://arxiv.org/abs/2505.19837