Federated retrieval-augmented generation for cybersecurity in resource-constrained IoT and edge environments: A deployment-oriented scoping review

Authors/Creators

• Hangyu He
• Yuan
• Kai Wu
• Wei Ni, Edith Cowan UniversityFollow

Author Identifier (ORCID)

Wei Ni: https://orcid.org/0000-0002-4933-594X

Abstract

Cybersecurity operations in IoT and edge environments require fast, evidence-grounded decisions under strict resource and trust constraints. While large language models can support triage and incident analysis, their parametric knowledge may be outdated and prone to hallucination. Retrieval-augmented generation (RAG) improves grounding by conditioning responses on retrieved evidence, but also introduces new risks such as knowledge-base poisoning, indirect prompt injection, and embedding leakage. Federated learning enables collaborative adaptation without centralizing sensitive data, motivating federated RAG (FedRAG) architectures for distributed cybersecurity deployments. This study presents a deployment-oriented scoping review of FedRAG for cybersecurity. The review follows PRISMA-ScR reporting guidance and synthesizes 82 studies published between 2020 and 2026, identified through keyword search and citation snowballing over OpenAlex, arXiv, and Crossref. We develop a taxonomy that clarifies the components of federated systems, deployment locations, trust boundaries, and protected assets. We further map the combined RAG+FL attack surface, summarize practical defenses and system patterns, and distill actionable guidance for secure, privacy-preserving, and efficient FedRAG deployment in real-world IoT and edge scenarios. Our synthesis highlights recurring trade-offs among robustness, privacy, latency, communication overhead, and maintainability, and identifies open research priorities in benchmark design, governance mechanisms, and cross-silo evaluation protocols for practical deployment.

Keywords

Cybersecurity, edge computing, federated learning, federated search, Internet of Things, knowledge base poisoning, privacy-preserving retrieval, prompt injection, retrieval-augmented generation

Document Type

Journal Article

Date of Publication

4-1-2026

Volume

15

Issue

7

Publication Title

Electronics

Publisher

MDPI

School

School of Engineering

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.

Comments

He, H., Yuan, X., Wu, K., & Ni, W. (2026). Federated retrieval-augmented generation for cybersecurity in resource-constrained IoT and edge environments: A deployment-oriented scoping review. Electronics, 15(7), 1409. https://doi.org/10.3390/electronics15071409