This work addresses the challenge of efficiently reconstructing the hidden entity-relation graph structure within black-box GraphRAG systems under stringent query budgets. To this end, we propose AGEA, the first query-efficient agent-based graph extraction attack framework. AGEA integrates a novelty-guided exploration-exploitation strategy, an external graph memory module, and a two-stage graph extraction pipeline that combines lightweight discovery with large language model–assisted filtering. This design significantly enhances both reconstruction efficiency and accuracy. Empirical evaluations on medical, agricultural, and literary datasets demonstrate that AGEA recovers up to 90% of entities and relations under identical query budgets, substantially outperforming existing baseline methods.

Graph-based retrieval-augmented generation (GraphRAG) systems construct knowledge graphs over document collections to support multi-hop reasoning. While prior work shows that GraphRAG responses may leak retrieved subgraphs, the feasibility of query-efficient reconstruction of the hidden graph structure remains unexplored under realistic query budgets. We study a budget-constrained black-box setting where an adversary adaptively queries the system to steal its latent entity-relation graph. We propose AGEA (Agentic Graph Extraction Attack), a framework that leverages a novelty-guided exploration-exploitation strategy, external graph memory modules, and a two-stage graph extraction pipeline combining lightweight discovery with LLM-based filtering. We evaluate AGEA on medical, agriculture, and literary datasets across Microsoft-GraphRAG and LightRAG systems. Under identical query budgets, AGEA significantly outperforms prior attack baselines, recovering up to 90% of entities and relationships while maintaining high precision. These results demonstrate that modern GraphRAG systems are highly vulnerable to structured, agentic extraction attacks, even under strict query limits.