The continued promise of Large Language Models (LLMs), particularly in their natural language understanding and generation capabilities, has driven a rapidly increasing interest in identifying and developing LLM use cases. In an effort to complement the ingrained "knowledge" of LLMs, Retrieval-Augmented Generation (RAG) techniques have become widely popular. At its core, RAG involves the coupling of LLMs with domain-specific knowledge bases, whereby the generation of a response to a user question is augmented with contextual and up-to-date information. The proliferation of RAG has sparked concerns about data privacy, particularly with the inherent risks that arise when leveraging databases with potentially sensitive information. Numerous recent works have explored various aspects of privacy risks in RAG systems, from adversarial attacks to proposed mitigations. With the goal of surveying and unifying these works, we ask one simple question: What are the privacy risks in RAG, and how can they be measured and mitigated? To answer this question, we conduct a systematic literature review of RAG works addressing privacy, and we systematize our findings into a comprehensive set of privacy risks, mitigation techniques, and evaluation strategies. We supplement these findings with two primary artifacts: a Taxonomy of RAG Privacy Risks and a RAG Privacy Process Diagram. Our work contributes to the study of privacy in RAG not only by conducting the first systematization of risks and mitigations, but also by uncovering important considerations when mitigating privacy risks in RAG systems and assessing the current maturity of proposed mitigations.

翻译：大型语言模型（LLM）在自然语言理解与生成能力方面的持续突破，推动了对LLM应用场景识别与开发的迅速增长。为弥补LLM固有“知识”的局限性，检索增强生成（RAG）技术已获得广泛关注。RAG的核心在于将LLM与领域特定知识库相结合，通过引入上下文信息与实时数据来增强对用户问题的响应生成。随着RAG技术的普及，数据隐私问题日益引发担忧——尤其是在利用可能包含敏感信息的数据库时所产生的固有风险。近期大量研究从对抗性攻击到缓解方案等多个维度，探讨了RAG系统中的隐私风险。为系统梳理并整合现有成果，我们提出一个核心问题：RAG中存在哪些隐私风险？如何量化并缓解这些风险？为回答该问题，我们对关注隐私问题的RAG研究进行了系统性文献综述，并将研究成果整合为涵盖隐私风险、缓解技术与评估策略的完整体系。我们进一步提供两项核心成果：《RAG隐私风险分类体系》与《RAG隐私处理流程图》。本研究不仅首次系统化梳理了RAG隐私风险与缓解措施，还揭示了缓解RAG隐私风险时需考量的关键因素，并对现有缓解方案的成熟度进行评估，从而为RAG隐私研究领域作出贡献。