RAG, Explained for Defence: How AI Can Answer "Have We Seen This Before?" Without Making Things Up

RAG, Explained for Defence: How AI Can Answer
Why this matters right now

2026 is the year generative AI stopped being an experiment for defence organisations and started being infrastructure. The U.S. Department of Defense's January 2026 AI strategy memo directs the department toward an "AI-first" posture across warfighting, intelligence, and enterprise operations, treating obstacles to AI deployment as operational risks to remove quickly rather than governance questions to deliberate over. One of its flagship initiatives, GenAI.mil, gives department personnel access to frontier generative AI models at Impact Level 5 and above. Market analysts tracking the sector expect military adoption of generative AI to keep accelerating through the decade, even as they flag that hallucination, data leakage, and prompt-injection risk carry heavier consequences in classified environments than in commercial ones.

That last point is the whole story of this piece. The same year adoption is accelerating, courts are handing out record fines to lawyers for AI-fabricated case citations, and health-technology safety bodies are ranking chatbot misuse as a top hazard. Speed and reliability are colliding, and the place they collide hardest is any system meant to answer a question like "have we seen this pattern, this vessel, this signal, before?" a question where a wrong but confident answer is worse than no answer at all.

The problem: AI that sounds confident but is wrong

Large language models (LLMs — the class of AI systems, like the ones behind ChatGPT or Claude, trained to predict and generate fluent text) don't have a built-in mechanism for separating what's true from what merely sounds plausible. IBM describes the failure mode plainly: an AI hallucination is when a model perceives patterns that don't exist and produces outputs that are nonsensical or inaccurate. It isn't lying in the human sense it's a next-word prediction engine that will confidently fill a gap in its knowledge with the most statistically likely-sounding text, whether or not that text corresponds to anything real.

The scale of the problem is well documented outside defence. Stanford's RegLab and Human-Centered AI Institute found general-purpose LLMs hallucinate between 69% and 88% of the time on specific legal queries, and at least 75% of the time on questions about a court's core ruling. Even purpose-built legal AI tools aren't immune Lexis+ AI produced incorrect information over 17% of the time, and Westlaw AI-Assisted Research hallucinated more than 34%. The consequences are no longer hypothetical: legal sanctions for AI-fabricated citations escalated roughly elevenfold in 18 months, from around $5,000 in 2023 to over $55,000 by 2025, and Q1 2026 alone saw the highest quarterly sanctions total on record.

Why is this uniquely dangerous in defence? Because the questions asked of decision-support systems are frequently pattern-recognition questions is this consistent with something we've logged before where a fabricated "yes, this matches prior case X" is not a stylistic slip. It's a false data point that a human analyst may reasonably trust, because the system stated it with the same confident tone it uses for everything else. General AI risk principles adopted by both the DoD and NATO governability, reliability, traceability, accountability exist precisely because this class of error has to be caught before it reaches a decision, not after.

What RAG actually is

Retrieval-augmented generation (RAG) is one of the most effective architectural answers to this problem so far. It was introduced in a 2020 paper by Patrick Lewis and collaborators at Facebook AI Research and University College London, who defined it as a general-purpose fine-tuning approach combining a pre-trained sequence-to-sequence model with a dense, searchable index of external text. In plainer terms: RAG pairs two things that are usually separate a model's internal, "memorised" knowledge (called parametric memory) and a live, searchable library of real documents (non-parametric memory) and makes the model consult the library before it answers.

Structurally, RAG has two components with two distinct jobs:

Retrieval — given a query, a search system finds the most relevant real documents from a knowledge base (a report archive, a sensor log database, a set of policy documents). This step is pure information retrieval; it does not generate any new sentences.

Generation — the LLM then writes an answer, but it's required to draw on the retrieved documents rather than only its own memorised training data.

[IMAGE — architecture diagram: Query → Retrieval → Retrieved Documents → Generation → Grounded Answer]

How it actually works, step by step

Picture an intelligence analyst typing: "Have we logged a maritime track behaving like this before?"

1. Query received. The system takes the analyst's question as-is no special syntax needed.

2. Retrieval searches the knowledge base. Instead of asking the LLM to answer from memory, the system converts the query into a numerical representation (an embedding) and compares it against embeddings of every document in an approved archive track logs, incident reports, sensor records to find the closest matches. Modern systems generally combine this semantic (meaning-based) search with old-fashioned keyword search, because pure semantic search can miss exact terms like a vessel ID or a case number, while pure keyword search misses paraphrased matches. The combined approach, called hybrid search, is now the standard: one recent 2026 production-RAG analysis measured hybrid search reaching 66.4% retrieval accuracy versus 56.7% for semantic-only search a meaningful step up.

3. Retrieved documents come back. Say the system surfaces two real records: a March 2025 incident report and a November sensor log, both flagged as similar. Many production systems now add a second filtering pass called reranking, where a slower but more precise model re-scores the candidate documents to make sure the most relevant ones not just topically similar ones reach the final list.

4. Generation writes the answer — grounded in those documents. The LLM is instructed to answer only using the retrieved text, and typically to cite which document supports which claim.

5. Grounded answer returned. The analyst gets: "Two similar track logs were retrieved: Report #4471 and Sensor Log #A19. Both describe a comparable pattern" an answer a human can go check.

[IMAGE — ungrounded vs. grounded answer comparison]

RAG vs. fine-tuning vs. plain prompting

These three techniques are often confused because they all aim to make an LLM more useful, but they solve different problems. As IBM frames it, prompt engineering shapes what you ask the model, RAG changes what the model can see, and fine-tuning changes how the model behaves by retraining it on new data. A widely cited practitioner rule of thumb: start with prompting, add RAG when the model needs facts it wasn't trained on, and fine-tune only when both of those still fall short of a needed format or behaviour.

Plain prompting — Changes: the instructions given to the model at run time. Update speed: instant, edit the prompt. Traceability: low, depends entirely on the model's own memory. Best for: quick tasks, summarisation, format changes, low-stakes Q&A.

RAG — Changes: the knowledge the model can access, pulled fresh at answer time. Update speed: fast, add or update documents, no retraining. Traceability: high, answer can cite the specific retrieved document. Best for: "have we seen this before" questions; anything needing current, checkable, proprietary, or classified-adjacent facts.

Fine-tuning — Changes: the model's internal weights, via continued training. Update speed: slow, requires curated data and a retraining cycle. Traceability: low-to-moderate, facts are absorbed, origin isn't traceable. Best for: teaching consistent tone, structure, or specialised behaviour, not new facts.

RAG is specifically well-suited to "have we seen this before" questions because that is, at its core, a search problem wearing a conversational interface. The answer already exists somewhere in an organisation's records; the job of the AI is to find and summarise it accurately, not to invent it — and RAG is the one approach of the three built around exactly that separation between finding and writing.

Real examples in defence, government, and high-stakes research contexts

RAG-style systems are already documented in public-sector use, though defence adoption is deliberately more cautious than commercial adoption given the stakes involved:

NIPRGPT and its follow-on pilots. The U.S. military's unclassified generative AI pilot, NIPRGPT, launched in mid-2024 and drew heavy voluntary use; a public account of the programme notes that advanced users built their own retrieval-augmented workflows by feeding the model reference documents, which encouraged further RAG features across a wave of related pilots including the Army's CamoGPT, CENTCOM's CENTGPT, and DHS's DHSChat.

Adaptive RAG for defence missions. A defence IT contractor's public technical brief describes enhancing standard RAG with adaptive techniques specifically to let systems draw on domain-specific data while limiting hallucinations, and notes NIPRGPT alone drew about 100,000 users after its 2024 release.

Departmental test and evaluation (T&E). A peer-reviewed case study published in the ITEA Journal documents a production RAG deployment built on AWS GovCloud for a Navy warfare center, arguing that RAG outperforms general-purpose LLMs for domain-specific T&E work, and that production use across classified cloud environments demands a rigorous security regime.

Cyber defence research. The Pacific Northwest National Laboratory, a U.S. Department of Energy national lab, publicly describes a project building a retrieval-augmented generation tool that draws on multiple datasets to help cyber defenders make faster, better-informed decisions.

None of these are classified or unconfirmed deployment all are drawn from public agency statements, contractor briefs, or peer-reviewed publications, linked in the sources below.

Limitations of RAG

RAG meaningfully reduces it does not eliminate the hallucination problem. It's worth being precise about what it does and doesn't fix:

It's only as good as its knowledge base. If the retrieved documents are outdated, mislabeled, or incomplete, RAG will confidently ground an answer in the wrong facts.

Retrieval failure is the dominant failure mode. Industry analysis in 2026 has repeatedly found that when production RAG systems fail, the failure traces back to retrieval quality roughly 73% of the time not the generation step.

It doesn't stop a model from misreading a correct document. Grounding reduces fabrication of facts that don't exist anywhere, but a model can still misinterpret or over-generalise from a real, retrieved passage.

It introduces new security surface area. Recent academic work highlights that RAG systems built over proprietary or sensitive knowledge bases can be probed by adversarial queries designed to reconstruct the underlying data a real consideration for any system indexing sensitive records.

It adds engineering complexity. Chunking documents correctly, choosing embedding models, and maintaining a live index all require ongoing operational investment; a badly configured RAG pipeline can perform worse than a well-prompted plain LLM.

Why this matters for defence & aerospace

Decision-support tools increasingly need to answer pattern-of-life and precedent-style questions ("has this been seen before"), and RAG is architecturally suited to exactly that kind of question.

Traceability is not optional in high-stakes settings an answer that points to a specific, checkable record is fundamentally more auditable than one drawn purely from a model's internal memory.

As DoD policy pushes for faster AI adoption across intelligence and enterprise workflows, the organisations that pair that speed with grounding techniques like RAG will be better placed to avoid the reliability failures already showing up in adjacent high-stakes fields like law and healthcare.

RAG is not a substitute for human judgement or verification it's a way to make AI-assisted answers easier to check, not a reason to stop checking them.

Takeaway

RAG doesn't make an AI system smarter in the way fine-tuning does, and it doesn't replace the judgement calls prompt engineering leaves to the user what it does is give an LLM somewhere real to look before it speaks, and give the human on the other end something real to check afterward. For any defence or high-stakes context built around the question "have we seen this before," that difference between a confident guess and a traceable answer is the entire point.

Sources
Lewis, P. et al., "Retrieval-Augmented Generation for Knowledge-Intensive NLP Tasks" (2020), NeurIPS — https://proceedings.neurips.cc/paper_files/paper/2020/file/6b493230205f780e1bc26945df7481e5-Paper.pdf

IBM, "RAG vs. fine-tuning vs. prompt engineering" — https://www.ibm.com/think/topics/rag-vs-fine-tuning-vs-prompt-engineering

IBM, "What Are AI Hallucinations?" — https://www.ibm.com/think/topics/ai-hallucinations

Stanford HAI / RegLab hallucination benchmarks, via Suprmind AI hallucination report — https://suprmind.ai/hub/ai-hallucination-rates-and-benchmarks/

HAQQ Legal AI, "AI Hallucinations in Law: 1,313 Court Cases and Counting" — https://haqq.ai/blog/when-ai-lies-to-the-court

Ben Van Roo, "NIPRGPT: Success, Criticism, and Future" — https://benvanroo.substack.com/p/niprgpt-success-criticism-and-future

GDIT, "How Adaptive RAG Makes Generative AI More Reliable for Defense Missions" — https://www.gdit.com/perspectives/latest/how-adaptive-rag-makes-generative-ai-more-reliable-for-defense-missions/

ITEA Journal, "Retrieval-Augmented Generation for Departmental T&E" (Vol 47, Iss 2) — https://itea.org/journals/volume-47-2/retrieval-augmented-generation-t-and-e/

Pacific Northwest National Laboratory, "Retrieval Augmented Generation for Robust Cyber Defense" — https://www.pnnl.gov/projects/mars/retrieval-augmented-generation-robust-cyber-defense

Sealevel Systems, "How the 2026 DoD AI Policy Shifts Defense AI Toward Speed, Scale, and AI-First Operations" — https://www.sealevel.com/blog/how-the-2026-dod-ai-policy-shifts-defense-ai-toward-speed-scale-and-aifirst-operations/

DataM Intelligence, "Military AI Market Size, Share, Growth, Trends and Forecast 2026-2035" — https://www.datamintelligence.com/research-report/military-ai-market

Lushbinary, "RAG Production Guide 2026" — https://lushbinary.com/blog/rag-retrieval-augmented-generation-production-guide/

Jobs by Culture, "RAG Architecture Guide 2026" — https://jobsbyculture.com/blog/rag-architecture-guide-2026