Machine-learning · February 10, 2026

Why Most RAG Systems Fail in Production

Common Pitfalls and Practical Fixes for Reliable Retrieval-Augmented Generation

by Perivitta 30 mins read Intermediate
Share
Back to all posts

Why Most RAG Systems Fail in Production: Common Pitfalls and Practical Fixes

  • RAG systems that look impressive in demos frequently break in production, not because the AI model is bad, but because the retrieval pipeline is poorly engineered.
  • The most common failure points are chunking strategy, embedding model mismatch, stale document indexes, and missing evaluation frameworks.
  • Retrieval quality is the most important factor in RAG performance, a great generator cannot compensate for retrieval that returns the wrong context.
  • Security vulnerabilities in RAG systems are real and underappreciated: prompt injection and unauthorised document access are serious production risks.
  • A RAG system without a formal evaluation framework cannot be improved reliably, you are flying blind every time you make a change.

Introduction

RAG (Retrieval-Augmented Generation) is one of the most popular techniques for building AI applications. The idea is intuitive: instead of hoping the AI model already knows the answer, you first retrieve relevant documents from a knowledge base and then ask the model to answer based on those documents. This allows AI to answer questions about your company's internal knowledge, recent events, or private documents, without retraining the model.

For enterprise teams, this is a compelling value proposition. You get the reasoning capabilities of a large language model applied to your proprietary data, without the cost and complexity of fine-tuning. Customer support, internal knowledge bases, compliance Q&A, and document analysis are all natural fits for RAG.

The problem is that RAG systems which look impressive in demos frequently fail in real-world production. They return wrong answers, miss obvious documents, hallucinate confidently, or become too slow and expensive to run at scale. And the failures are almost never caused by the AI model being bad. They come from engineering problems in the retrieval pipeline.

Problem Statement

A typical RAG demo: upload a PDF, ask a question, get a correct-looking answer. Impressive in a presentation. Production systems face much harder conditions: thousands of documents with inconsistent formatting, users asking vague or multi-part questions, documents that change frequently making the index go stale, real traffic with latency requirements, and adversarial inputs from users who will try to extract system prompts or sensitive documents.

The gap between "it works on my demo PDF" and "it works reliably on fifty thousand documents under real user traffic" is where most RAG systems fail. The challenge is not the LLM, it is the entire pipeline of indexing, retrieval, and prompt engineering that surrounds it.

Supervised machine learning workflow showing training data, model training, and prediction pipeline
Figure: A RAG pipeline shares the same philosophy as any ML pipeline: every stage must work correctly for the system to work at all. If your retrieval is broken, no amount of model quality will save you. Treating RAG as a pipeline with distinct stages, not as a single magic box, is the first step toward building one that actually works. Source: EpochFail / Wikimedia Commons (CC BY-SA 4.0)

How RAG Works: The Three Phases

Before diving into failure modes, it is worth understanding the three distinct phases of a RAG pipeline, because each can fail independently.

In the indexing phase, your documents are split into chunks, each chunk is converted into an embedding, a list of numbers that captures its semantic meaning, and the embeddings are stored in a vector database alongside the original text.

In the query phase, when a user asks a question, that question is also converted into an embedding. The vector database finds the document chunks whose embeddings are most similar to the question embedding. These are the retrieved documents.

In the generation phase, the retrieved documents are passed to the language model as context. The model reads them and generates an answer based on that context rather than its training data.

A good model in phase three cannot compensate for broken retrieval in phase two or poor chunking in phase one. This is the fundamental insight that most RAG troubleshooting ignores: when RAG fails, start at the beginning of the pipeline, not with the model.

Core Concepts and Terminology

Term What It Means
Chunking Splitting documents into smaller pieces for indexing. The strategy, fixed-size, structure-aware, or semantic, significantly affects retrieval quality.
Embedding A numerical vector representation of text that captures semantic meaning. Documents and queries are compared by their embedding similarity.
Vector Database A database optimised for storing and querying embeddings by similarity (e.g., Pinecone, Weaviate, pgvector).
Reranking A second-pass scoring step that takes the initially retrieved chunks and re-orders them using a more precise relevance model before passing them to the LLM.
Hybrid Search Combining vector (semantic) search with keyword-based BM25 search to improve retrieval coverage for both conceptual and exact-term queries.
Prompt Injection An attack where malicious user input or document content is crafted to override the model's instructions, potentially exposing sensitive data or changing system behaviour.
Faithfulness The degree to which the generated answer matches the content of the retrieved documents, as opposed to relying on the model's training data.

Pitfall 1: Poor Document Chunking

Chunking is the step where you split documents into smaller pieces before generating embeddings. It seems like an implementation detail. In practice, it is one of the most consequential decisions you make in a RAG system.

Think of it this way: if you split a contract into tiny pieces, each piece is too small to contain a complete thought. The embedding captures essentially nothing useful. If you split it into enormous pieces, the embedding tries to capture too much and the meaning of any specific clause gets diluted, making it harder for the retrieval system to surface it in response to a precise question.

Common chunking mistakes include making chunks too large, so the retrieved context includes irrelevant material that confuses the model, and making chunks too small, so each chunk lacks enough context to be meaningful on its own. Splitting with no overlap between chunks means that an important sentence falling at a chunk boundary gets split between two chunks, and neither contains the complete thought. Splitting mid-table or mid-code-block destroys the structure that gives those elements their meaning.

The practical fixes are to chunk by document structure, headings, paragraphs, sections, rather than by fixed character count; to use chunk overlap of 10–20% so the last portion of one chunk is repeated at the start of the next; to keep tables, code blocks, and bullet lists intact within a single chunk; and to use parsers that understand the specific document format rather than treating every document as plain text.

A useful test: read a retrieved chunk in isolation. If it does not make sense on its own as a self-contained piece of information, your chunks are probably too small or poorly bounded.

Pitfall 2: Embedding Model Mismatch

Embeddings capture the meaning of text, but meaning is domain-specific. A general-purpose embedding model trained mostly on web text might encode legal terminology in a way that is appropriate for a general audience but wrong for a legal research context where precise distinctions matter.

Common mismatch scenarios include using a general English embedding model on legal documents full of Latin terms and procedural language, using an English-only model on a multilingual document collection, using a sentence-level model on documents where meaning spans multiple paragraphs, or using a code-focused model on a mixed natural language and technical documentation base.

The fix is to evaluate your embedding model with real queries from real users, not generic benchmarks designed for academic comparison. Build a small labeled dataset: for fifty to one hundred real queries, identify which documents should be retrieved, then measure whether your embedding model actually retrieves them. For domain-specific applications, consider fine-tuning an embedding model on your domain data. For multilingual collections, use multilingual embedding models designed for cross-lingual retrieval.

Pitfall 3: Retrieval Works But the Answer Is Still Wrong

One of the most frustrating failure modes: the system retrieves the right documents, but the AI still produces an incorrect or hallucinated answer. This usually happens because of how the retrieved context is handled in the prompt.

The retrieved context may be very long, and the model loses focus on the most relevant parts, a known limitation called the "lost in the middle" problem, where information at the beginning and end of a long context is better remembered than information in the middle. The prompt may not explicitly instruct the model to rely only on the provided context. The retrieved context may contain conflicting information from two documents that disagree, and the model blends them incorrectly. Or the model may have strong prior knowledge from training that overrides the retrieved context.

Two fixes matter most here. First, add explicit grounding instructions to your system prompt, instructing the model to answer only using the retrieved context and to acknowledge when the context does not contain enough information rather than filling the gap with general knowledge. Second, use reranking to filter the retrieved chunks before passing them to the model. A reranker, typically a cross-encoder model, takes each retrieved chunk and the query, and scores them together with much more accuracy than the initial vector similarity search. Keeping only the top-scoring chunks reduces context length and noise.

Pitfall 4: Inconsistent Retrieval Quality

A system that sometimes retrieves the right document and sometimes does not is worse than a consistently wrong system, because inconsistency makes it impossible to debug or trust. Users notice: "Sometimes the bot knows this policy, sometimes it acts like it does not exist."

The most effective fix is hybrid search, combining vector semantic search with keyword-based BM25 search. Vector search is good at meaning; keyword search is good at exact terms and names. For a query like "what is our GDPR data retention policy?", keyword search reliably surfaces documents containing those exact terms even when vector similarity is imperfect. Hybrid search almost always outperforms either approach alone.

A second fix is to retrieve more candidates and then rerank rather than retrieving the final number directly. Instead of retrieving the top five chunks, retrieve the top twenty and use a reranker to select the best five. More candidates means fewer misses. Metadata filtering, allowing retrieval to be restricted by document type, date range, department, or other attributes, also dramatically improves precision for specific queries.

Pitfall 5: Stale Document Index

A RAG system is only as current as its document index. In production, documents change constantly, policies are updated, product information changes, old documents become obsolete. If the index is not updated, the system provides outdated or contradictory information with the same confidence it uses for accurate information.

The consequences are real: a customer service bot quoting a policy that changed three months ago, a compliance system citing a regulation that has since been superseded, or contradictory answers from different versions of the same document both present in the index.

The solution requires building an ingestion pipeline that supports incremental updates, only re-indexing documents that have changed rather than rebuilding the entire index. Document version and last-updated metadata should be tracked in the vector store. Critically, deletion handling must be implemented: when a document is removed from the source system, its embeddings must also be removed from the index. Stale embeddings from deleted documents are a common source of outdated answers.

Pitfall 6: No Evaluation Framework

Many RAG systems are "evaluated" by asking a few questions, seeing that they look right, and shipping. This is not evaluation, it is wishful thinking. Without a formal evaluation framework, you cannot know if a change made the system better or worse. You cannot catch regressions. You cannot compare different chunking strategies or embedding models objectively. Every improvement is a guess.

A proper evaluation framework measures retrieval precision (of the documents retrieved, what fraction are actually relevant?), retrieval recall (of all the relevant documents that exist, what fraction were retrieved?), answer faithfulness (does the generated answer match the content of the retrieved documents, or did the model hallucinate?), answer correctness (is the final answer actually right?), and latency under realistic load.

Building this requires a benchmark dataset of fifty to two hundred real user questions paired with the expected correct answer or the expected source document. This dataset should be run automatically whenever a change is made to the pipeline. Tools like RAGAS and LlamaIndex Evaluation automate much of this measurement. Without this, every improvement to the pipeline is a guess. With it, every change is measurable and every regression is caught before it reaches users.

Pitfall 7: Prompt Injection and Security Vulnerabilities

Prompt injection is an attack where a malicious user crafts an input designed to override the model's instructions. In a RAG system, this is particularly dangerous because the model has access to retrieved documents, an attacker might craft a question designed to retrieve and expose sensitive documents. Malicious content can also be embedded directly in documents in the index, which then gets retrieved and influences the model's behaviour. This is called indirect prompt injection.

Classic injection attempts include instructions hidden in retrieved documents that tell the model to ignore its system prompt, requests that try to get the model to reveal the full retrieved context, or attempts to impersonate authorised users in the query.

Defenses include input filtering to detect known injection patterns before they reach the model, access control implemented at the retrieval layer so users can only retrieve documents they are authorised to see, avoiding exposing raw retrieved document content directly to users, and logging and monitoring suspicious query patterns. Multiple unusual queries from the same user is a signal worth investigating.

Pitfall 8: Latency and Cost at Scale

RAG adds multiple expensive steps to every query. Each step adds latency and cost: embedding the user's question, searching the vector database, optionally reranking results with a cross-encoder, and running the language model on the retrieved context, which is the most expensive step and grows with the amount of context provided.

In a demo with one user, this is fine. Under real traffic with hundreds of concurrent users, each of these steps must be optimised. Caching embeddings and retrieved results for common or repeated queries eliminates redundant computation for the most frequent questions. Reranking to reduce context size directly reduces tokens passed to the language model, cutting both cost and latency. Using smaller, faster models for auxiliary tasks like reranking or query classification reserves the expensive model budget for final answer generation where quality matters most.

Pitfall 9: Users Ask Questions Your System Was Never Designed For

Production users are unpredictable. A RAG system designed for factual lookups will also receive requests for document summaries, cross-document comparisons, and questions about topics outside the index entirely. Treating all of these with the same retrieval-and-answer pipeline produces poor results for most of them.

The solution is query classification and routing. Before retrieval, classify the query type and route it to the appropriate pipeline. Short factual questions go through standard RAG. Summarisation requests retrieve and summarise a whole document, not just the most similar chunk. Comparison or analysis questions trigger multi-step retrieval from multiple sources, then synthesis. Out-of-scope questions return a clear, helpful message explaining what the system can and cannot help with, rather than producing a hallucinated answer about something outside its knowledge.

Practical Example: Internal Knowledge Base for a Support Team

A software company builds a RAG system over its internal documentation, five thousand product pages, policy documents, and troubleshooting guides, for use by its customer support team.

In the first month, support agents report that the bot consistently gives outdated refund policy information and sometimes cannot find documents it was shown during testing. Investigation reveals three problems: the refund policy was updated two weeks before launch but the index was not refreshed; the embedding model was a general-purpose model that represents software-specific terminology poorly; and the chunking strategy split troubleshooting tables mid-row, making retrieved chunks incomplete.

After implementing structure-aware chunking, a domain-appropriate embedding model, incremental index updates triggered by documentation changes, and a benchmark of 150 real support questions, the team runs a comparison. Answer faithfulness improves from 61% to 84%. Retrieval recall for known-document queries improves from 73% to 91%. The fixes took two weeks and required no changes to the underlying language model.

Advantages of RAG Done Well

  • Knowledge without retraining. RAG gives an AI model access to up-to-date, private, domain-specific knowledge without the cost and complexity of fine-tuning.
  • Reduced hallucination for factual queries. When the model is explicitly grounded in retrieved documents, it hallucinates less on questions within the knowledge base's scope.
  • Updatable knowledge. Unlike a fine-tuned model where knowledge is baked into weights, a RAG index can be updated incrementally as documents change.
  • Auditable answers. Retrieved source documents can be shown to users, allowing them to verify the basis for the model's answer, a major advantage in compliance and legal contexts.

Limitations and Trade-offs

  • Retrieval quality caps overall quality. A great generator cannot compensate for consistently wrong retrieval. The pipeline is only as strong as its weakest component.
  • RAG does not fully eliminate hallucination. The model can still hallucinate details not present in the retrieved context, especially when context is ambiguous or conflicting.
  • Latency is higher than a plain chatbot. Every additional retrieval step adds latency that accumulates for users expecting sub-two-second responses.
  • Index maintenance is ongoing work. A RAG system requires operational effort to keep the index fresh, handle deletions, and monitor for quality degradation over time.
  • Out-of-scope questions are a challenge. The system does not automatically know when a question is outside its knowledge base, which can lead to confidently wrong answers on unsupported topics.

Comparison: RAG Retrieval Approaches

Approach Strengths Weaknesses Best For
Vector Search Only Good at semantic similarity and paraphrased queries Poor for exact terms, names, and codes General knowledge Q&A
Keyword Search Only (BM25) Reliable for exact terms; fast and interpretable Misses semantically similar but differently-worded documents Legal and compliance documents with precise terminology
Hybrid Search Best coverage across both meaning and exact terms More complex to implement and tune Most production systems, the default recommendation
Hybrid + Reranking Highest retrieval precision; reduces irrelevant context significantly Adds latency from the reranking model; higher cost High-stakes domains where retrieval precision is critical

Common Mistakes

  • Treating chunking as a detail rather than a core architectural decision, it is one of the highest-leverage choices in a RAG system.
  • Evaluating the embedding model on generic benchmarks rather than on actual user queries from your domain.
  • Building the system without an evaluation framework, then being unable to tell whether changes help or hurt.
  • Failing to implement deletion handling in the index, so embeddings from removed documents continue to surface outdated answers.
  • Ignoring security, specifically, not implementing access control at the retrieval layer, which can expose sensitive documents to unauthorised users.
  • Measuring only average latency rather than tail latency (P95, P99), which hides the slow responses that damage user experience most.

Best Practices

  • Use structure-aware chunking with overlap rather than fixed-size character splitting. Respect document structure, tables, lists, and code blocks should remain intact.
  • Evaluate your embedding model on real queries from your users before committing to it for production.
  • Implement hybrid search from the start, vector plus keyword. The marginal complexity is far outweighed by the retrieval quality improvement.
  • Add explicit grounding instructions to your system prompt to reduce hallucination from the generation stage.
  • Build an evaluation benchmark before shipping and run it automatically on every pipeline change.
  • Implement incremental index updates with deletion handling and schedule regular full re-index runs as a fallback.
  • Apply access control at the retrieval layer, not just at the application layer. Users should never be able to retrieve documents they are not authorised to see.
  • Monitor P95 and P99 latency, not just averages. Cache common query results. Use smaller models for auxiliary steps.

FAQ

When should I use RAG versus fine-tuning?

Use RAG when your knowledge base changes frequently, when you need to cite sources for your answers, or when you need to incorporate private documents without exposing them to a model provider for fine-tuning. Use fine-tuning when you need the model to adopt a specific communication style, when your task requires domain-specific reasoning patterns rather than factual lookup, or when response speed is critical and you cannot afford retrieval latency.

How do I know if my retrieval is the problem or my generation?

Isolate the stages. First, manually inspect whether the retrieved chunks for a failing query actually contain the correct answer. If they do not, the problem is retrieval. If they do contain the answer but the model still gives a wrong response, the problem is generation, typically the context handling or the grounding instructions in your prompt.

What chunk size should I use?

There is no universal answer, but a useful starting point for most prose documents is chunks of 300 to 500 tokens with 10–20% overlap. For dense technical documentation, smaller chunks with more overlap tend to work better. For long-form narrative content, larger chunks preserve context better. Test your specific document types with your specific queries and measure retrieval precision, that is the only reliable guide.

Does RAG fully eliminate hallucination?

No. RAG significantly reduces hallucination for questions within the knowledge base's scope by grounding the model in retrieved context. But it does not eliminate hallucination entirely. The model can still introduce details not present in the retrieved documents, particularly when context is ambiguous, when retrieved chunks conflict, or when the model's prior training knowledge overrides the retrieved content. Strong grounding instructions in the prompt reduce this but do not eliminate it.

How do I handle documents in multiple languages?

Use multilingual embedding models designed for cross-lingual retrieval rather than English-only models. These models can match a query in English to a relevant document in French, for example, by embedding both in the same semantic space. Alternatively, normalise documents to a common language before indexing, though this adds preprocessing complexity and may lose nuance in translation.

References

  • Lewis, P., et al. (2020). Retrieval-Augmented Generation for Knowledge-Intensive NLP Tasks. NeurIPS 2020.
  • Gao, Y., et al. (2023). Retrieval-Augmented Generation for Large Language Models: A Survey. arXiv:2312.10997.
  • Karpukhin, V., et al. (2020). Dense Passage Retrieval for Open-Domain Question Answering. EMNLP 2020.
  • LlamaIndex Documentation. RAG Evaluation
  • Es, S., et al. (2023). RAGAS: Automated Evaluation of Retrieval Augmented Generation. arXiv:2309.15217.

Key Takeaways

  • RAG failures are almost always engineering failures in the retrieval pipeline, not model failures. Start debugging at chunking and embedding, not at the LLM.
  • Chunking strategy is a high-leverage decision. Structure-aware chunking with overlap dramatically outperforms fixed-size character splitting for most document types.
  • Hybrid search, vector plus keyword, should be the default for production RAG systems, not an optimisation to consider later.
  • A RAG system without a formal evaluation framework cannot be improved reliably. Build a benchmark dataset before you ship.
  • Implement access control at the retrieval layer. Users should only retrieve documents they are authorised to see.
  • Index freshness is an operational responsibility, not a one-time setup. Build deletion handling and incremental updates from the start.

Related Articles

AI in Finance: ML for Trading, Risk, and Fraud Detection
AI in Finance: ML for Trading, Risk, and Fraud Detection
Machine learning powers fraud detection, credit scoring, and algorithmic trading. Learn how...
Read More → Knowledge Distillation: How Small Models Learn from Big Ones
Knowledge Distillation: How Small Models Learn from Big Ones
Knowledge distillation trains a small student model to learn from a large...
Read More →
Found this useful?