How do I prevent cross-tenant data leakage in a multi-tenant RAG system?
To prevent cross-tenant data leakage in a multi-tenant RAG system, implement strict data isolation and access controls across all data lifecycle stages, including memory, derived data, and storage.
Concrete controls include:
- Enforce strict per-tenant memory scoping and explicit access control on memory retrieval to prevent memory contamination across sessions or tenants (OWASP LLM Top 10: L2 Memory Contamination).
- Use separate physical or logical vector indexes for confidential data to ensure tenant data isolation.
- Implement classification inheritance so that any data derived from classified inputs inherits at least the classification of its inputs, addressing PII leakage through derived data (OWASP LLM Top 10: L2 Sensitive Information Disclosure, L5 Supply Chain Vulnerabilities).
- Treat vector databases as containing the original text for access control purposes and encrypt embeddings at rest where warranted to mitigate embedding inversion attacks (OWASP LLM Top 10: L2 Sensitive Information Disclosure).
- Establish a data classification service that all data-producing and data-consuming components consult, ensuring source data is classified at ingestion and derived data inherits classifications.
- Maintain a per-user data inventory across all stores and implement deletion workflows that propagate to derived data to prevent right-to-erasure failures (OWASP LLM Top 10: L2 Sensitive Information Disclosure, L6 Insecure Output Handling).
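A minimal sketch of two of the controls above, per-tenant index scoping and classification inheritance, added here as an illustration and not taken from the cited framework. The names `TenantScopedIndex`, `Chunk`, `Classification` and `derive` are hypothetical, the dot-product ranking stands in for a real vector search, and the sample chunks are constructed.

```python
from dataclasses import dataclass
from enum import IntEnum

class Classification(IntEnum):
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2

@dataclass(frozen=True)
class Chunk:
    tenant_id: str
    text: str
    embedding: tuple
    classification: Classification

def _dot(a, b):
    return sum(x * y for x, y in zip(a, b))

class TenantScopedIndex:
    """One logical partition per tenant (hypothetical stand-in for a vector DB)."""
    def __init__(self):
        self._by_tenant = {}

    def ingest(self, chunk):
        self._by_tenant.setdefault(chunk.tenant_id, []).append(chunk)

    def retrieve(self, session_tenant, query_emb, clearance, k=2):
        # session_tenant must come from the authenticated session, never from the
        # prompt or request body. Other tenants' vectors are never even scored.
        pool = [c for c in self._by_tenant.get(session_tenant, [])
                if c.classification <= clearance]
        return sorted(pool, key=lambda c: _dot(c.embedding, query_emb), reverse=True)[:k]

def derive(tenant_id, text, embedding, sources):
    """Create derived data (e.g. a summary) inheriting the highest source classification."""
    if any(s.tenant_id != tenant_id for s in sources):
        raise PermissionError("derived data may not mix tenants")
    level = max((s.classification for s in sources), default=Classification.PUBLIC)
    return Chunk(tenant_id, text, embedding, level)

def demo():
    # Constructed sample data for two tenants.
    idx = TenantScopedIndex()
    a1 = Chunk("tenant-a", "A pricing sheet", (1.0, 0.0), Classification.CONFIDENTIAL)
    a2 = Chunk("tenant-a", "A public FAQ", (0.9, 0.1), Classification.PUBLIC)
    b1 = Chunk("tenant-b", "B pricing sheet", (1.0, 0.0), Classification.CONFIDENTIAL)
    for c in (a1, a2, b1):
        idx.ingest(c)
    summary = derive("tenant-a", "Summary of A docs", (0.95, 0.05), [a1, a2])
    idx.ingest(summary)
    return idx, summary
```

The summary built from a confidential and a public chunk is stored as confidential, so a caller with only public clearance cannot retrieve it even within the same tenant.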
Grounded in
- Designing Agentic AI Systems with the ORCHIDEAS Framework
This AI-generated answer is for guidance only — not a certification, audit, or penetration test. Grounded in the NIST AI RMF, OWASP LLM Top 10, and ISO/IEC 42001 control text; verify applicability to your environment.