Privacera adds access control and data filtering functionality for Vector DB/RAG

Privacera announced the addition of new access control and fine-grained data filtering functionality for Vector DB/RAG to Privacera AI Governance (PAIG).

“In generative AI, Retrieval-Augmented Generation (RAG) systems operate by sourcing contextual information from a VectorDB, aggregating data from diverse origins such as Confluence Wiki pages, SharePoint, Databases, and support tickets, and other operational systems. These sources inherently possess their own access controls, so it’s crucial that the VectorDB inherits those and then maintains and enforces equivalent security measures when utilizing this data in generative AI applications,” said Don Bosco Durai, CTO at Privacera.

“PAIG makes it easy to maintain distinct access controls aligned with the original source permissions– an essential part of leveraging robust user- and group-level policy enforcement within VectorDB,” added Durai.

Securing sensitive data and managing other risks with AI applications is crucial to enable organizations to accelerate their generative AI product strategies and do so in a way that properly safeguards data. The latest additions to PAIG are designed to establish and administer access control policies and make fine-grained data control and filtering seamless.

PAIG allows organizations to securely innovate with GenAI technologies by securing the entire AI application lifecycle, from discovering and securing sensitive fine-tuning data, RAG, and user interactions feeding into AI-powered models to model outputs and continuous monitoring of AI governance through comprehensive audit trails.

The system manages contextual data to safeguard that data appropriately. The latest additions to PAIG will streamline this process, ensuring users can create robust user and group-level policy enforcement within VectorDB.

Upgraded features PAIG features include:

Seamless integration with multiple data sources: Users are now able to merge data from varied platforms like Confluence, SharePoint, Databases, and support tickets into VectorDB, ensuring original access policies of these sources are accurately reflected for users and groups.

Advanced classification-based filtering: Users can implement robust security and compliance policies through classification and tagging of data segments in VectorDB. For example, access to finance-related data in VectorDB can be restricted exclusively to members of the finance team, or embeddings tagged as “INTERNAL” are not provided as context to the LLM when contractors or external users query the GenAI applications.

Fine-grained authorization protocols: Users can employ dynamic metadata filtering to tailor access rights, guaranteeing real-time compliance and heightened security. E.g., Enforcing GDPR and CCPA by filtering customer data based on geographic location or individual consent.