“Encrypt stored vectors to prevent exposure in the event of unauthorized access.” Because embeddings can be mathematically inverted to reconstruct source text, a compromised vector store is effectively a compromised document store — even if the original documents are stored separately and securely.
Vec2Text (Slide 11): read access to unencrypted embeddings was enough to reconstruct the source text exactly for about 92% of 32-token inputs embedded with OpenAI's text-embedding-ada-002. Encryption at rest would have meant that an attacker who exfiltrated the storage layer (disks, volume snapshots, backups) held ciphertext, not recoverable documents. Note the limit of that control: it does not help against an attacker who reads vectors through the database's own API with a stolen credential, because the service decrypts transparently for any authorized query. That path is covered by access control and audit logging, not by encryption at rest.
→ Enable encryption at rest on the vector database storage layer. Managed offerings (Pinecone, Weaviate, Qdrant) document whether it is on by default or a configuration option; a self-hosted Weaviate or Qdrant node relies on encryption of the volume underneath it; pgvector is a PostgreSQL extension, so it inherits whatever the PostgreSQL host or managed database service provides (for example, encrypted cloud volumes). Verify the setting rather than assuming it.
→ Keep encryption keys in a separate key management service (KMS or HSM) rather than in the store's own configuration or on its disks: a dump of the store, its snapshots, or its backups should not contain the means to decrypt it.
→ Rotate keys on a schedule and log every key access and use, as you would for any sensitive data store; a burst of decrypt operations outside the application's normal pattern is an exfiltration signal. With envelope encryption, rotating the key-encryption key means rewrapping the per-record data keys, not re-encrypting every vector.
Confirm that your vector database backend has encryption at rest enabled in its configuration, including for snapshots and backups, which are a common exfiltration path. Verify that the keys live in a separate key management service rather than next to the data, that rotation is scheduled, and that key access is logged and reviewed.
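The key-separation and rotation points above, shown as an added example (not code from the original page or from any of the vector stores named above). It implements client-side envelope encryption of an embedding: each vector is encrypted under its own data encryption key (DEK) with AES-256-GCM, the DEK is wrapped under a key-encryption key (KEK) held by a hypothetical in-process `KMS` type standing in for an external key service, and the store persists only the ciphertext, the wrapped DEK and the KEK version. Rotating the KEK rewraps the DEK without touching the vector ciphertext. Note that encrypting vectors client-side this way defeats the database's own similarity search, so it suits vectors that are stored but searched only after decryption; transparent storage-layer encryption, as recommended above, keeps search working but protects only the media.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

// KMS is a hypothetical stand-in for an external key service. It holds
// key-encryption keys (KEKs) by version and never hands them to the store.
type KMS struct {
	keks    map[uint32][]byte
	current uint32
}

func NewKMS() *KMS {
	k := &KMS{keks: map[uint32][]byte{}}
	k.Rotate()
	return k
}

// Rotate installs a fresh KEK version. Old versions stay available so that
// records wrapped under them can still be unwrapped and rewrapped.
func (k *KMS) Rotate() uint32 {
	k.current++
	k.keks[k.current] = randomBytes(32)
	return k.current
}

// Wrap encrypts a DEK under the current KEK and reports which version was used.
func (k *KMS) Wrap(dek []byte) (uint32, []byte) {
	return k.current, gcmSeal(k.keks[k.current], dek)
}

func (k *KMS) Unwrap(version uint32, wrapped []byte) ([]byte, error) {
	kek, ok := k.keks[version]
	if !ok {
		return nil, errors.New("unknown KEK version")
	}
	return gcmOpen(kek, wrapped)
}

// Record is what the vector store persists: no plaintext vector and no KEK.
type Record struct {
	KEKVersion uint32
	WrappedDEK []byte
	Ciphertext []byte
}

// EncryptVector serialises a float32 embedding and encrypts it under a fresh per-record DEK.
func EncryptVector(kms *KMS, vec []float32) Record {
	buf := make([]byte, 4*len(vec))
	for i, f := range vec {
		binary.LittleEndian.PutUint32(buf[4*i:], math.Float32bits(f))
	}
	dek := randomBytes(32)
	ver, wrapped := kms.Wrap(dek)
	return Record{KEKVersion: ver, WrappedDEK: wrapped, Ciphertext: gcmSeal(dek, buf)}
}

// DecryptVector fails unless the caller's KMS holds the KEK version the record was wrapped under.
func DecryptVector(kms *KMS, r Record) ([]float32, error) {
	dek, err := kms.Unwrap(r.KEKVersion, r.WrappedDEK)
	if err != nil {
		return nil, err
	}
	buf, err := gcmOpen(dek, r.Ciphertext)
	if err != nil {
		return nil, err
	}
	vec := make([]float32, len(buf)/4)
	for i := range vec {
		vec[i] = math.Float32frombits(binary.LittleEndian.Uint32(buf[4*i:]))
	}
	return vec, nil
}

// RewrapForRotation moves a record to the current KEK. Only the small wrapped
// DEK is rewritten; the vector ciphertext is untouched.
func RewrapForRotation(kms *KMS, r Record) (Record, error) {
	dek, err := kms.Unwrap(r.KEKVersion, r.WrappedDEK)
	if err != nil {
		return r, err
	}
	r.KEKVersion, r.WrappedDEK = kms.Wrap(dek)
	return r, nil
}

// gcmSeal returns nonce || AES-GCM ciphertext; the key length is an internal invariant.
func gcmSeal(key, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block)
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

func gcmOpen(key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	n := gcm.NonceSize()
	if len(data) < n {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, data[:n], data[n:], nil) // wrong key or tampering fails here
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func main() {
	kms := NewKMS()
	rec := EncryptVector(kms, []float32{0.12, -0.33, 0.91}) // constructed sample embedding
	fmt.Printf("stored: kek_version=%d wrapped_dek=%dB ciphertext=%dB\n", rec.KEKVersion, len(rec.WrappedDEK), len(rec.Ciphertext))
	kms.Rotate()
	rec, _ = RewrapForRotation(kms, rec)
	vec, err := DecryptVector(kms, rec)
	fmt.Println("after KEK rotation:", vec, err)
}
```

A second `KMS` instance with different key material models the attacker who has dumped the store: the records unwrap only under the real KEK, and any modification of the ciphertext is rejected by GCM's authentication tag.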