This paper introduces RobustRAG, a novel defense framework against retrieval corruption attacks in retrieval-augmented generation (RAG). Retrieval corruption attacks involve injecting malicious passages into the retrieval results to mislead the model's responses. RobustRAG addresses this by employing an isolate-then-aggregate strategy, where each passage is processed independently, and the results are securely aggregated to ensure robustness. The framework includes two secure text aggregation techniques: keyword aggregation and decoding aggregation. These methods allow RobustRAG to maintain accuracy even when some retrieved passages are malicious. The paper demonstrates the effectiveness of RobustRAG across various tasks and datasets, showing its ability to achieve certifiable robustness. The authors also discuss the evaluation metrics, attack scenarios, and parameter analyses to validate the framework's performance. RobustRAG represents a significant advancement in securing RAG systems against adversarial attacks.This paper introduces RobustRAG, a novel defense framework against retrieval corruption attacks in retrieval-augmented generation (RAG). Retrieval corruption attacks involve injecting malicious passages into the retrieval results to mislead the model's responses. RobustRAG addresses this by employing an isolate-then-aggregate strategy, where each passage is processed independently, and the results are securely aggregated to ensure robustness. The framework includes two secure text aggregation techniques: keyword aggregation and decoding aggregation. These methods allow RobustRAG to maintain accuracy even when some retrieved passages are malicious. The paper demonstrates the effectiveness of RobustRAG across various tasks and datasets, showing its ability to achieve certifiable robustness. The authors also discuss the evaluation metrics, attack scenarios, and parameter analyses to validate the framework's performance. RobustRAG represents a significant advancement in securing RAG systems against adversarial attacks.