Multimodal Retrieval-Augmented Generation (mRAG) has been widely adopted in vision-related tasks, yet its retrieval mechanism may inadvertently expose sensitive information from private datasets, posing significant privacy risks. This work presents the first systematic evaluation of privacy leakage in mRAG under standard prompting conditions. Through carefully designed experiments, we investigate whether an adversary can determine whether a specific image resides in the retrieval corpus and further extract its associated metadata, such as textual descriptions, solely through query interactions. Our findings reveal that current mRAG architectures lack adequate privacy-preserving safeguards, thereby exposing vulnerabilities that could be exploited to compromise data confidentiality. This study provides empirical evidence and critical insights to guide the development of privacy-aware multimodal systems in future research.

The growing adoption of multimodal Retrieval-Augmented Generation (mRAG) pipelines for vision-centric tasks (e.g. visual QA) introduces important privacy challenges. In particular, while mRAG provides a practical capability to connect private datasets to improve model performance, it risks the leakage of private information from these datasets during inference. In this paper, we perform an empirical study to analyze the privacy risks inherent in the mRAG pipeline observed through standard model prompting. Specifically, we implement a case study that attempts to infer the inclusion of a visual asset, e.g. image, in the mRAG, and if present leak the metadata, e.g. caption, related to it. Our findings highlight the need for privacy-preserving mechanisms and motivate future research on mRAG privacy.