Slide 15 · Scenario 2 of 3
Multi-tenant vector database, no retrieval-time ACL.
SCENARIO 2
Cross-Group Data Exposure in a Shared Vector Store
A healthcare organization runs separate AI assistants for its HR team and its clinical operations team — but both share the same vector database for cost efficiency. Access controls were applied at document upload time: clinical documents are tagged “clinical-only.”
However, the retrieval system queries the full vector space and returns the top-N most similar documents — without checking authorization tags at query time. When an HR manager asks the AI about “employee health documentation procedures,” the similarity search surfaces clinical patient intake forms. The AI answers using confidential clinical data the HR manager was never authorized to access.
Why it matters: Access controls applied only at ingest time are not enough. Permissions must be enforced at retrieval time — every query must be filtered against the requester’s authorization scope, not just against semantic similarity.
The Fix
Implement permission-aware vector stores that enforce ACLs during retrieval. Apply authorization filters as a pre-filter before similarity ranking — not after. Consider separate vector indexes per sensitivity tier for high-risk environments.