25 vulnerabilities. 15 challenges. 22 API endpoints. Every one mapped to the OWASP RAG Security Cheat Sheet (submitted, PR #2131). RAG Has an Attack Surface Nobody Is Testing in detail. Every enterprise AI chatbot, copilot, and knowledge assistant uses Retrieval-Augmented Generation (RAG). Documents go in. Answers come out. Between those two steps is an attack surface that most teams have never tested. Document poisoning. Cross-tenant data leakage. Embedding inversion. Cache poisoning. Prompt injection via retrieved content. Tool execution from model output. None of these are theoretical. They are happening in production. The problem: there was nowhere to practice attacking a RAG pipeline safely. DVWA exists for web apps. DVMCP exists for MCP servers. Nothing existed for RAG. So we built DVRAG. What Is DVRAG DVRAG is a deliberately insecure RAG pipeline. Pull the Docker image, run it, and start attacking. Every vulnerability is intentional, documented, and mapped to the attack surfaces seen in the wild.…