laiyertech logo

Category: AI Security

Blog posts about AI security

  • RAG: How to address Data governance topics in using AI and RAG?

    RAG is a powerful AI technology enabling LLM’s to retrieve information from a trusted external knowledge base (your documents or data) instead of its own ‘trained’ knowledge. In part 1 of this blog, we described how RAG can increase the quality of the LLM response tremendously. It prevents an LLM from hallucinating and ensures that responses are verifiable and based on reliable documents and data.

    Though, RAG introduces several new security aspects that should be considered.

    To implement RAG with an AI application, the organization’s proprietary documents or data need to be processed (vectorized) and utilized by the LLM to generate responses.  Processing these documents raises extra concerns, particularly for organizations with strict security practices. The primary consideration is determining the suitable level of data governance required for transferring the documents and implementing the organization’s vectorized LLM content.  The concerns are grouped into the following topics: data residency, access control, data lineage and audit trails, and data retention.

    Organizations have implemented various levels of security policy strictness. The measures outlined below represent a quite strict set of policies.  We recommend that organizations choose only those options that correspond to the requirements of their application.

    1. Data Residency and Sovereignty

    A core aspect of governance is to know where your data is located. When using a cloud RAG service, you need to confirm that your data, including the raw documents and the generated vector embeddings, will remain within your specified geographic region. This is crucial for complying with regulations like GDPR, the EU Data-Act or AI-Act.

    • Provider Agreements: Your contract with a cloud provider must explicitly guarantee data residency. Be aware that some services, especially pre-release or “preview” offerings, may store or process data globally.
    • Infrastructure Segregation: Ensure the service uses a dedicated infrastructure or a logical partition for your data to prevent cross-contamination with other customers.
    • Data in Transit: During transfer from document storage to the RAG service, data should be encrypted using appropriate protocols.
    ‘To what extent can Providers with data centers outside Europe or with non-European ownership ensure adequate security provisions within their RAG solutions for European organizations?’

    Achieving the required assurances in a RAG application also depends upon the third parties involved:

    • When using the RAG service provided by an LLM provider, it is essential that the provider delivers the necessary assurances. Although some LLM providers state that they offer a high level of guarantees, these may not always meet the requirements of professional organizations.
    • When utilizing a RAG service from an external third party, only those providers that can supply the necessary assurances should be considered.
    • When choosing to develop a RAG pipeline internally, all required assurances should be addressed within the project.

    2. Access Control and Permissions

    Your company’s document management system probably has a sophisticated access control model (e.g., role-based or policy-based access control) that facilitates who can see which document. This same logic must be applied to the RAG system. In this way, users of the AI system employing RAG adhere to the same access control measures for the data or documents processed by the RAG pipeline.

    • Document-Level Access: The most significant challenge is to ensure that a user querying the RAG system, can only retrieve and use documents that are authorized to be accessed in your original document management system. The vector database must be able to respect these permissions. This requires a strong integration between your identity and access management (IAM) system and the RAG service.
    • Vectorization Pipeline: The process of creating vectors from your documents also has to respect access controls.

    3. Data Lineage and Audit Trails

    Governance is impossible without a clear, verifiable record of the data’s journey. If this is a requirement within your organization, it is important to provide for the RAG system an equivalent level of auditing as that used for internal documents.

    • End-to-End Tracking: Establish a clear data lineage from the original document in your on-premises storage to its chunked form and then to its final vectorized representation. This lineage should be auditable and traceable.
    • Comprehensive Logging: The RAG service should provide detailed logs of every action, including:
      • Which documents were ingested and when.
      • Which user queries led to the retrieval of specific documents.
      • Which documents were ultimately used by the LLM to generate a response.
    • Tamper-Proof Logs: These audit trails should be stored in a way that prevents them from being altered or deleted, ensuring their integrity for compliance purposes.

    4. Data Retention and Disposal

    Just as you have policies for deleting old documents, you need to have a protocol for the vectorized data. This can be complex because a single document might be represented by multiple vectors.

    • Automated Deletion: The system should support an automated process for deleting vectors and their associated content when the original document is removed or updated. This is crucial for maintaining data hygiene and complying with “right to be forgotten” requests.
    • Secure Disposal: When data is deleted, it must completely and securely be erased from all storage locations, including backups, to prevent accidental rediscovery. You should verify the cloud provider’s data destruction protocols.

    When users perceive that an AI application provided by the organization addresses the issues mentioned above, they are more likely to trust and use the AI application.

    Laiyertech has developed an AI software platform with RAG functionality, designed to address the here forementioned topics at a level appropriate for organizational use. This platform can be deployed on our cloud, the organization’s cloud, or in on-premises environments, and is available under a shared source license.

    Our approach is to work collaboratively with your in-house software development team(s) or with your preferred IT vendors to realize an optimal AI application for the organization.

    If you are interested in learning more about our experience with RAG and the implementation of RAG in collaboration with in-house software development and infrastructure teams, we will be pleased to discuss this further with you and your experts.

  • RAG: How to use proprietary documents safe and secure with AI?

    Can you trust AI in your organization?

    We regularly discuss the application of AI with management of professional organizations. Often, we learn they are cautious and have limited trust in applying AI. This cautiousness arises from a combination of personal experience and limited knowledge of the technical features and capabilities of the AI technology currently available.

    In this RAG blog part 1, we aim to identify potential risks and provide solutions utilizing current AI technologies such as RAG. For those who know RAG, we present part 2, covering key data governance issues including data residency, access control, data lineage and audit trails, data retention, and our recommended solutions.

    The rapid rise of Large Language Models (LLMs) has revolutionized how we interact with data, however conventional Chatbot use presents significant challenges for enterprises. Current LLM’s are primarily trained using data collected from a wide range of internet sources, including websites, forums, blogs, and social media posts. Although the knowledge base the LLM derives from its training data to work with is extensive and broadly applicable, it also remains constrained by the static and diverse nature of that respective information. This involves several key problems:

    • Factual Inaccuracy (Hallucinations): LLMs may confidently produce false or irrelevant information due to their lack of real-time and domain-specific data.
    • Lack of Context: An off-the-shelf LLM has no knowledge of your company’s proprietary documents, internal policies, or specific customer data, making it useless for many business applications.
    • Stale Information: LLM training is a time-consuming and expensive process. They cannot keep up with dynamic information that changes rapidly, such as market data, legal updates, or internal documents.
    • Lack of Transparency: You cannot request an LLM to disclose its sources, which is a serious compliance and trust issue in regulated industries.

    Employees who use a private ChatBot account with one of the major LLM providers may encounter the issues described above. If these issues occur during the use of an AI application provided by an organization, they could affect users’ trust in that AI systems, potentially influencing the adoption and implementation of AI technologies. Trustworthy AI should use proprietary documents and data when available.

    To address these limitations, various technologies have been developed to combine enterprise-specific knowledge with the use of large language models. Retrieval-Augmented Generation ( RAG ) is recognized as both a widely utilized and highly effective approach. RAG (works by) enables an LLM to retrieve information from a trusted external knowledge base (your documents or data) and vectors the information before generating a response. We have experienced that RAG can increase the quality of the LLM response tremendously. It prevents hallucination and ensures that responses are verifiable and based on reliable documents and data.

    However, RAG is not the only option. A simpler approach and widely used technique includes a few relevant documents or excerpts directly in the prompt. Unlike RAG this approach depends exclusively on user-supplied input. While straightforward in its approach, this method is generally less efficient with larger documents or document collections, it may result in lower quality responses and can increase cost and latency due to longer prompts. By contrasting RAG with this alternative, it’s clear why RAG has become the preferred choice for many enterprise applications that require up-to-date, factual, and auditable responses. It strikes a balance between cost, accuracy, and ease of use, making it a powerful tool for IT managers looking to deploy secure and reliable AI.

    Additional RAG benefits

    In regulated and professional settings, identifying the origin of information is essential for ensuring compliance and maintaining accountability. RAG is particular effective in delivering this level of transparency.

    Furthermore, Retrieval-Augmented Generation (RAG) has the capacity to provide direct citations for the sources utilized in generating responses. The output from the LLM can be supplemented with references or links to the original documents, paragraphs, webpages, or databases.

    The entire RAG pipeline – from the user’s query to the retrieved documents and the final response – can be logged. This provides a clear, traceable audit trail, which is essential for compliance, troubleshooting, and building user trust. When users experience that an AI’s answer is grounded in verifiable, company-specific information, they are far more likely to trust and adopt the AI-application.

    How to include RAG in an AI application?

    RAG can be integrated into an AI application through multiple methods, which differ based on the organization’s needs and available resources.

    The main options are:

    1. Utilizing an LLM provider’s managed RAG service
    2. Developing an in-house RAG pipeline, or
    3. Obtaining RAG pipeline technology for self-deployment

    Ad 1. Using Managed Service RAG from the LLM Provider

    This is the fastest and most direct way to get a RAG system up and running, especially if you already use a major LLM provider that also offers a RAG service. These services hide most of the complexity. For example, OpenAI provides this service through its Enterprise licenses and Custom GPT functionality.

    How it works: You upload your documents (e.g., PDFs, Word files) to the cloud provider’s storage. The service then automatically handles the entire RAG pipeline: chunking the documents, creating vector embeddings, storing them in a vector database, and integrating with an LLM to answer queries based on your data.

    Although this solution is straightforward and simple to implement, it also has certain disadvantages for organizations:

    • Vendor Lock-in: You become dependent on the LLM provider’s ecosystem and may face challenges if you decide to migrate or use another LLM later.
    • Limited Customization: You have less control over the specific chunking strategies, embedding models, and retrieval algorithms used.
    • Data Governance: Although leveraging the LLM providers is convenient, it is essential to carefully verify that their data residency and security protocols are fully aligned with your organization’s governance and compliance requirements.

    Ad 2. Developing an in-house RAG pipeline

    This approach involves serious software development, either from scratch or using a RAG framework. It provides more control than managed services. By using available libraries and components, a significant decrease of development time can be achieved. Leading frameworks, such as LangChain, LlamaIndex, and Haystack, are commonly used for these purposes. By selecting an appropriate library for a RAG pipeline and overseeing data and infrastructure internally, the framework efficiently manages the coordination of its various components. This increased flexibility and control over the RAG process is obtained.

    However, the technology involved is relatively complex and involves a significant learning curve. The implementation can be time-consuming. Additionally, infrastructure management is still required; this involves provisioning and maintaining the vector database and its related components.

    Ad 3. Acquiring complete RAG Solutions with Cloud or On-Premises Deployment

    Several software companies offer robust RAG pipeline solutions that operate independently of specific LLM providers. These options are available via cloud services or can be deployed on an organization’s infrastructure. These solutions abstract complexity, support infrastructure management, and enable RAG to operate independently of any specific LLM provider. Vendor Lock-in can be reduced by selecting vendors who offer open-source products. The level of customization of the RAG solution varies per vendor. It’s also important to ensure that data residency and security protocols match your organization’s requirements.

    Laiyertech has developed an AI software platform that includes RAG functionality, offers deployment on both cloud and on-premises environments, and is provided with a shared source license.

    Caution: RAG alone does not solve (the whole) all problems

    IT managers may need to consider that, although her/his organization has a strong approach to security, employing third-party RAG solutions means reliance on external software providers. This introduces new security considerations, with the main concern being the appropriate level of data governance necessary for the organization’s vectorized LLM content. Part 2 of our RAG blog will cover data governance topics including data residency , access control , data lineage and audit trails , and data retention in greater detail.

    If you are interested in learning more about our experience with RAG and the implementation of RAG in collaboration with in-house software development and infrastructure teams, we will be pleased to discuss this further with you and your experts.