Your AI remembers everything. ECHO decides what. Vector database attacks, embedding manipulation, retrieval poisoning, context window hijacking, and persistent memory corruption — weaponised for authorised red team engagements.
ECHO targets the memory layer that RAG-augmented AI systems depend on. Poison the vector database and every retrieval returns your content. Manipulate embeddings and semantic search serves your payload. Hijack the context window and the model follows your instructions, not its own.
Inject malicious documents into vector stores. Similarity poisoning. Nearest-neighbour manipulation. Index corruption. Metadata tampering.
Adversarial embedding generation. Semantic space pollution. Cosine similarity exploitation. Dimension collapse attacks. Embedding inversion.
Query manipulation. Relevance score gaming. Chunk boundary exploitation. Re-ranking attacks. Source authority spoofing.
Context overflow attacks. Priority injection. Instruction smuggling via retrieved content. Attention steering. System prompt dilution.
Persistent memory poisoning. Conversation history manipulation. Long-term memory injection. Memory consolidation attacks. Forgetting induction.
Knowledge base poisoning. Document injection. Trusted source impersonation. Batch ingestion exploitation. Update pipeline attacks.
Baseline capture before any engagement. Vector store snapshot. Embedding integrity verification. Signed restoration certificate.
Standard mode detects. UNLEASHED exploits. Ed25519 signatures. Dual-gate safety. One operator.
Maps RAG attack surfaces. Identifies vulnerable vector stores and retrieval pipelines. No exploitation. Reports only.
Plans full poisoning campaigns. Shows exactly what would work. Ed25519 required. No execution.
Cryptographic override. Private key controlled. One operator. Founder's machine only.
THIS TOOL IS FOR AUTHORISED SECURITY TESTING ONLY. EVERY EXECUTION IS SIGNED AND LOGGED.
36 techniques. 7 subsystems. Vector poisoning. Embedding manipulation. Context hijacking. The tool that proves your RAG pipeline isn't safe.