Strip hidden content, detect adversarial formatting, filter injected instructions before any document enters the vector store.

Enforce access controls at retrieval time — not just at document upload time.

Add provenance checks and confidence thresholds so cosine similarity alone cannot be gamed.

Prevent embedding inversion attacks if the vector store is compromised or exfiltrated.

Log retrieval activity with provenance. Alert on anomalies — sudden ranking shifts, new documents scoring unusually high for high-value queries.

Apply TTLs and cascade deletion from source to embedding, so poisoned vectors don’t outlast their source documents.