• workshop_dense_100#slide 70

RAG, or Retrieval-Augmented Generation, is a method in which a model retrieves relevant external material and uses that retrieved context to generate an output. In the RAIDT corpus, however, the important point is not retrieval alone but provenance-first retrieval: the system should expose which sources were retrieved, under what policy, and how those sources shaped the answer. This is why RAG sits within influence methods as governance interventions. It shifts the system away from unsupported, model-internal recall and towards source-linked generation that can be inspected by reviewers.

RAG matters in RAIDT because it is the strongest single lever for improving the provenance side of the framework. Across the five pillars (Responsibility, Auditability, Interpretability, Dependability, Traceability), the papers repeatedly position RAG as especially powerful for Traceability and Interpretability, and useful for Auditability when retrieval logs, citations, hashes, and reviewer protocols are present. In a RAIDT score profile, and using anchors 1=missing / 3=partial / 5=audit-ready, RAG often marks the difference between an answer that sounds plausible and an answer that is contestable. It does not solve everything on its own: PEFT or LoRA may still be needed for domain steadiness, and RLHF may help with tone or risk salience. Even so, RAIDT treats RAG as foundational because it makes the run as the unit of governance observable through a run-level evidence pack containing retrieval IDs, source hashes, prompt lineage, output hashes, and adjudicated scores.

In cybersecurity, a SOC assistant can use RAG to draft an incident narrative from IDS alerts and internal playbooks. Rather than generating a generic explanation from parametric memory, the system retrieves the relevant flow records, time windows, and response guidance, then produces a report whose claims are tied to those artefacts. Analysts can see which traffic features or playbook sections supported the narrative.

This matters operationally because forensics depends on recallable evidence. If an analyst challenges the report, the team can inspect the stored retrieval IDs, scores, source hashes, prompt version, and output hash in the run-level evidence pack. RAIDT therefore values RAG not simply because it improves factual grounding, but because it turns an incident summary into a contestable governance object that can be reviewed, replayed, and audited.

• 06-RAIDT_RAG_V1
• 05-RAIDT_LoRA_V2
• 07-RAIDT_RLHF_V1