On September 29, 2025, two significant developments in the world of digital privacy and artificial intelligence converged, casting a spotlight on the urgent need for robust privacy and security measures in both advanced AI systems and everyday mobile applications. Researchers at the University of South Florida unveiled a landmark formal threat model for Retrieval-Augmented Generation (RAG) systems, while NowSecure, a mobile app security company, announced the launch of NowSecure Privacy, a solution designed to address systemic privacy blind spots in mobile applications. Together, these efforts underscore the mounting challenges—and emerging solutions—facing organizations as they grapple with the risks of sensitive data exposure in an increasingly connected world.
Retrieval-Augmented Generation, or RAG, is a rapidly evolving technique in natural language processing that combines the generative power of large language models (LLMs) with external knowledge sources such as databases and document repositories. According to the University of South Florida research team, comprising Atousa Arzanipour, Rouzbeh Behnia, Reza Ebrahimi, and Kaushik Dutta, this hybrid approach offers more accurate and up-to-date responses but also introduces novel privacy and security vulnerabilities that have, until now, been largely unaddressed.
Their newly published formal threat model represents the first structured analysis of the unique vulnerabilities that arise when LLMs are paired with external retrieval mechanisms. As outlined in their findings, the RAG system operates in two main phases: retrieval and generation. First, a user’s query is embedded into a vector and matched with similar document embeddings from a knowledge base. The most relevant documents are selected and combined with the original query, creating an augmented prompt for the LLM to generate a final response. While this process enhances the quality of responses, it also opens up a host of new attack surfaces.
The research formalizes several key threat vectors. Among the most concerning are the risks of revealing sensitive information from retrieved documents, malicious data injection, document-level membership inference (where an attacker determines if a specific document was used in retrieval), and adversarial manipulation of system behavior. The team developed a taxonomy of potential adversaries, ranging from uninformed outsiders who attempt to extract information through queries alone, to aware insiders with privileged system access who can combine internal and external knowledge for more powerful attacks.
“Our work addresses a critical gap in the field by establishing the first formal threat model specifically designed for retrieval-augmented generation systems, moving beyond existing analyses of standalone language models,” the researchers stated. Their framework incorporates Differential Privacy (DP), a mathematical approach to limiting the influence of individual data points on model outputs, and extends DP definitions to account for the added risks introduced by external document stores.
To mitigate these risks, the researchers recommend a multi-pronged defense strategy. This includes adding noise to both the retrieval and output processes to obscure individual data points, input validation and sanitization to prevent prompt injection attacks, regular auditing of knowledge sources, adversarial training to make models more robust, and the design of secure RAG architectures from the ground up. The team also points to the importance of removing or obscuring sensitive information from retrieved documents before they are processed by the LLM. However, they caution that these defenses require careful implementation and ongoing evaluation to remain effective as attack techniques evolve.
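As an added illustration, not code from the researchers or from NowSecure, the toy pipeline below wires the two RAG phases described above (embed and match the query, then build the augmented prompt) to two of the recommended mitigations: optional Laplace noise on retrieval scores and redaction of sensitive fields from retrieved documents before they reach the LLM. The bag-of-words embedding, the knowledge base and the regex redaction rules are constructed stand-ins.

```python
import math
import random
import re
from collections import Counter

# Constructed toy knowledge base; one record carries PII the LLM must not see.
KNOWLEDGE_BASE = [
    "Refund policy: customers may return items within 30 days.",
    "Ticket 4411: Jane Doe (jane.doe@example.com, SSN 123-45-6789) asked about refunds.",
    "Shipping policy: orders ship within two business days.",
]

# Assumed redaction rules; a real deployment would use a proper PII detector.
SENSITIVE_PATTERNS = [
    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[SSN]"),
    (re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"), "[EMAIL]"),
]

def embed(text):
    return Counter(re.findall(r"[a-z]+", text.lower()))  # toy bag-of-words "embedding"

def cosine(a, b):
    dot = sum(a[w] * b[w] for w in a if w in b)
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def laplace(rng, scale):
    # Laplace(0, scale) sample via inverse CDF, using only the stdlib RNG.
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))

def retrieve(query, docs, k=2, noise_scale=0.0, seed=0):
    """Retrieval phase: rank by similarity and keep the top k. Optional Laplace noise
    on the scores blurs whether any single document's presence changed the selection."""
    rng, q = random.Random(seed), embed(query)
    scored = sorted(((cosine(q, embed(d)) + (laplace(rng, noise_scale) if noise_scale else 0.0), d)
                     for d in docs), key=lambda t: t[0], reverse=True)
    return [d for _, d in scored[:k]]

def redact(text):
    # Strip sensitive fields from a retrieved document before it reaches the LLM.
    for pattern, label in SENSITIVE_PATTERNS:
        text = pattern.sub(label, text)
    return text

def build_prompt(query, docs, **kw):
    """Generation phase input: redacted context joined with the original query."""
    context = "\n".join(redact(d) for d in retrieve(query, docs, **kw))
    return f"Context:\n{context}\n\nQuestion: {query}\nAnswer:"
```

The toy rules leave the customer's name in place, which shows why the researchers stress that redaction policy and auditing need ongoing evaluation rather than a one-off pattern list.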
As RAG systems become more widely used in critical applications, the need for trustworthy AI that can reliably access and utilize external knowledge without compromising sensitive data is only growing. The University of South Florida’s work lays the foundation for more rigorous privacy and security standards in this fast-moving field.
Meanwhile, the risks of sensitive data exposure are not limited to cutting-edge AI systems. Everyday mobile applications—used by billions of people worldwide—are also facing mounting scrutiny for their handling of personal information. On the same day as the RAG research release, NowSecure announced the launch of NowSecure Privacy, a comprehensive solution aimed at helping organizations identify and fix privacy blind spots in both first-party and third-party mobile apps.
NowSecure’s research, published alongside the product launch, paints a sobering picture of the current mobile app landscape. In August 2025 alone, over 77% of 50,000 tested mobile apps were found to contain common forms of Personally Identifiable Information (PII). Even more alarming, 98% of iOS apps had incomplete privacy manifests due to omissions related to third-party components, in violation of Apple’s transparency requirements. The study found that 35% of iOS apps failed to declare collected data observed during testing, and 10% of Android apps did not even declare a data safety section in their Google Play store listings.
“When it comes to enterprise privacy risk, mobile applications are some of the worst offenders, yet the risks persist unaddressed,” said Ed Amoroso, CEO of Tag Cyber, in a statement. “NowSecure Privacy is a major step forward in mobile application risk management. It provides enterprises with the visibility and control to maintain both code integrity and data privacy while bolstering user trust and safety.”
Since August 2025, 75% of iOS apps and 70% of Android apps tested (a total of 25,000 apps) were found to collect, store, transmit, or share sensitive data with third parties. The proliferation of artificial intelligence in mobile apps adds another layer of complexity: among 183,000 mobile apps scanned in 2025, 18.3% (33,396 apps) used AI, and 3,541 of these sent data to AI endpoints, raising the specter of sensitive data leakage and loss of intellectual property.
NowSecure Privacy aims to address these issues through automated privacy testing at scale, continuous static and dynamic analysis, and human-augmented testing to uncover hidden data leaks, unsafe SDKs, improper AI usage, and unauthorized data sharing. The solution provides detailed privacy risk reporting, mapping findings against standards like GDPR, CCPA, HIPAA, and OWASP MASVS Privacy, enabling organizations to prioritize risks, streamline governance, and demonstrate compliance.
“Mobile application risk is data-centric and privacy is all about properly managing and securing data. Strong mobile security requires equally strong privacy controls,” said Alan Snyder, CEO of NowSecure. “Our solution gives enterprises full visibility into what data their apps collect, share, and transmit—allowing them to prevent violations before they become a reputation or regulatory incident.”
Both the University of South Florida’s formal threat model for RAG systems and NowSecure’s privacy solution for mobile apps highlight a common theme: as digital systems grow more complex and interconnected, the potential for privacy violations and security breaches increases in tandem. The path forward will require not only technical innovation but also continuous vigilance, robust standards, and a willingness to adapt as new threats emerge. Organizations that invest in these protections now will be far better positioned to maintain trust and compliance in the digital age.