Doctrinal exposure audit: indirect injection, RAG poisoning, and interpretive risk
This page clarifies what a doctrinal exposure audit is: a structured reading of surfaces that can drift consumed authority (indirect injection, RAG poisoning, instruction/data confusion), thereby increasing interpretive risk.
In an interpreted web, the central question is no longer merely “what does the site say?”, but “what can an AI system ingest as authority and reuse as truth?”. A doctrinal exposure audit does not target SEO performance in the classic sense. It targets an ecosystem’s exposure to interpretation drift and authority-type attacks.
On gautierdorval.com, this audit is defined as an audit of surfaces, provenance, and response conditions. It does not replace a technical security analysis, but stabilizes what the ecosystem authorizes as reading, citation, and ingestion.
Status of this page
This page is an interpretive clarification.
It defines an audit concept internal to this ecosystem. It does not constitute a detailed commercial offer, nor a pentest methodology. It establishes the reading logic and exposure categories.
Operational definition
Doctrinal exposure audit: structured analysis of a site or corpus to identify surfaces where an AI system could:
- consume an instruction as data (or vice versa)
- grant an illegitimate authority rank to a fragment
- ingest contaminated content via retrieval (RAG) or processing tasks (summary, extraction)
- stabilize a non-canonical interpretation through repetition, citation, or overrepresentation.
The objective is not to “prove an attack”, but to measure exposure to mechanisms that make an attack possible, persistent, or credible.
Perimeter: what is audited
An exposure audit typically covers:
- Content surfaces: pages, articles, secondary sections, footers, repeated blocks, comments, recurring fragments.
- Machine-first surfaces: governance files, policies, definitions, negations, sitemaps, dedicated endpoints.
- Signals and metadata: titles, descriptions, OpenGraph, structured data, canonical/hreflang, indexability.
- Provenance: integrated sources, imports, citations, reproductions, syndicated content, duplication, canonicalization.
- Response conditions: authority bounds and rules determining what can be asserted.
Risk axes (doctrinal reading)
1) Indirect injection
Identify surfaces where a legitimate task (“summarize this content”) could ingest hidden or ambiguous instructions and escalate them in the authority hierarchy.
2) RAG poisoning
Identify surfaces likely to be indexed and recalled out of context (chunks), thereby contaminating the response through reference derivation, directional bias, or instability.
3) Instruction/data confusion
Identify places where a fragment can be interpreted as command, policy, rule, or “truth”, when it should only be descriptive content.
4) Interpretive risk
Identify zones where the ecosystem leaves too much inference space: conceptual ambiguities, undefined expansions, weak boundaries between definition, opinion, and example.
Expected outputs (doctrinal format)
- Surface map: where authority can be displaced.
- Exposure list: by mechanism (indirect injection, RAG, provenance, metadata).
- Recommended bounds: exclusions, clarifications, canonical negations, definition reinforcement.
- Inference space reduction: consolidation of reading points, hierarchies, and anchorings.
Relation to other clarifications in the series
- Indirect injection
- RAG poisoning
- Training data poisoning
- Q-Layer against injection attacks
- AI agent security
Scope of this clarification
This page applies to human readings, automated syntheses, zero-click citations, and interconnected agent chains. It must be interpreted as a principle clarification: the exposure audit targets the governance of authority surfaces, and the reduction of drift mechanisms.