This work proposes a novel copyright protection mechanism for Retrieval-Augmented Generation (RAG) databases that addresses the limitations of existing watermarking approaches, which are either prone to introducing factual errors or vulnerable to adversarial rewriting. The method embeds watermarks through the injection of stylistically consistent, synthetically generated knowledge entries that remain dormant during normal queries and are only triggered by specific probe queries, thereby avoiding contamination of the genuine knowledge base. By integrating style-consistency modeling with a low injection rate, the approach achieves highly significant detection performance (p < 10⁻⁵) with merely 0.1% watermark injection across four datasets comprising up to 8.8 million documents, demonstrating both strong robustness against removal attempts and an exceptionally low false-positive rate.

Protecting proprietary RAG databases from unauthorized redistribution is challenging: existing watermarking methods either inject fabricated relations between real entities, polluting the knowledge base with misinformation, or embed fragile lexical patterns that adversarial paraphrasing easily removes. We propose SentinelRAG, a watermarking framework that embeds style-consistent but fictitious knowledge entries into the RAG database. Our key insight is that synthetic knowledge describing fictitious entities is unlikely to be retrieved by legitimate queries, yet can be reliably triggered through targeted probes known only to the data owner. Experiments on four datasets ranging from 2.9k to 8.8M documents demonstrate that SentinelRAG achieves statistically significant detection $p < 10^{-5}$ across all tested configurations at only a 0.1% injection rate. Compared to the state-of-the-art, our method significantly reduces the false detection rate while maintaining negligible interference with legitimate user queries.