Building a production RAG stack on ChromaDB, LangChain, and FastAPI -- and uncovering an unauthenticated vector database open to arbitrary writes from anyone on the network. Episode 3.4A of the AI Infrastructure Security Series.
Seven findings against a Presidio + LiteLLM DLP stack -- guardrails silently fail, encodings bypass detection, and Open WebUI stores every prompt unmasked.
Julius, Augustus, Garak, Promptfoo, and AI-Infra-Guard run against the same Ollama target from the prequel -- same vulnerability, but structured bypass rates, named CVE matches, and repeatable test configs that survive a security review.