Securing the Agent: Vendor-Neutral, Multitenant Enterprise Retrieval and Tool Use
As AI systems move into enterprise environments, Retrieval-Augmented Generation (RAG) and agentic deployments are becoming commonplace. These deployments face constraints that academic studies and consumer applications rarely address: multiple tenants with distinct data sets, strict access-control requirements, regulatory compliance, and pressure to run on cost-effective shared infrastructure.
A critical gap in existing RAG architectures is that retrieval ranks documents by relevance (semantic similarity, keyword matching) rather than by authorization. A query from one tenant can therefore surface another tenant's confidential document simply because it scores highly on relevance. We formalize this gap and identify three further shortcomings:
- Tool-mediated disclosure: a tool invoked on the agent's behalf returns data the requesting principal is not authorized to see
- Context accumulation across interactions: material retrieved or produced earlier in a session is carried forward into later turns without re-checking who may see it
- Client-side orchestration bypass: when policy checks live in the client, a client can skip them and call tools or retrieval directly
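The following is an added example, not code from the paper or from OGX, that makes the relevance-versus-authorization gap concrete. Two tenants share one toy vector index; a relevance-only top-k returns whatever scores highest, while ABAC gating restricts the candidate set to what the subject's tenant and clearance permit before the top-k cut. Documents, embeddings, classification levels and the subject model are all constructed for the illustration.

```python
"""Added example (not from the paper or from OGX): a toy shared index for two
tenants, showing how relevance-only top-k leaks across tenants and how
retrieval-time ABAC gating prevents it. Documents, vectors and policy are
constructed for the illustration."""
from dataclasses import dataclass
import math


@dataclass(frozen=True)
class Doc:
    doc_id: str
    tenant: str
    classification: str  # "public" < "internal" < "restricted"
    text: str
    vector: tuple


@dataclass(frozen=True)
class Subject:
    tenant: str
    clearance: str  # same scale as Doc.classification


LEVEL = {"public": 0, "internal": 1, "restricted": 2}

# Constructed corpus: both tenants share one vector index (shared infrastructure).
CORPUS = [
    Doc("tenant-a/pricing", "tenant-a", "internal", "Tenant A price list", (0.9, 0.3, 0.0)),
    Doc("tenant-a/board-memo", "tenant-a", "restricted", "Tenant A board memo", (0.85, 0.2, 0.1)),
    Doc("tenant-a/hr-policy", "tenant-a", "internal", "Tenant A HR handbook", (0.2, 0.9, 0.0)),
    Doc("tenant-b/roadmap", "tenant-b", "internal", "Tenant B product roadmap", (0.95, 0.1, 0.0)),
    Doc("tenant-b/oncall", "tenant-b", "public", "Tenant B on-call rota", (0.1, 0.1, 0.95)),
]
BY_ID = {d.doc_id: d for d in CORPUS}


def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b)))


def rank(query_vec, docs):
    """Relevance ranking: the only criterion a plain vector store applies."""
    return sorted(docs, key=lambda d: cosine(query_vec, d.vector), reverse=True)


def permitted(subject, doc):
    """ABAC decision on subject and document attributes: same tenant, and the
    subject's clearance dominates the document's classification."""
    return doc.tenant == subject.tenant and LEVEL[subject.clearance] >= LEVEL[doc.classification]


def retrieve_relevance_only(query_vec, k):
    """The gap: top-k over the whole shared index, authorization never consulted."""
    return [d.doc_id for d in rank(query_vec, CORPUS)[:k]]


def retrieve_gated(subject, query_vec, k):
    """Retrieval-time gating: restrict the candidate set BEFORE the top-k cut,
    so the caller gets k authorized results rather than k results filtered
    down afterwards (where an unauthorized hit would also displace an
    authorized one from the window)."""
    candidates = [d for d in CORPUS if permitted(subject, d)]
    return [d.doc_id for d in rank(query_vec, candidates)[:k]]


def violations(subject, doc_ids):
    """Documents in a result set the subject was not authorized to see."""
    return [i for i in doc_ids if not permitted(subject, BY_ID[i])]


if __name__ == "__main__":
    QUERY = (1.0, 0.0, 0.0)  # constructed embedding of "Q3 pricing and roadmap"
    alice = Subject("tenant-a", "internal")
    leaky = retrieve_relevance_only(QUERY, 2)
    print("relevance only:", leaky, "violations:", violations(alice, leaky))
    print("ABAC gated:    ", retrieve_gated(alice, QUERY, 2))
```

For the constructed query, the relevance-only top-2 contains another tenant's roadmap and a restricted memo the subject is not cleared for; the gated retrieval returns two documents the subject may actually read. Note that the gate is applied to the candidate set, not to the ranked output: post-filtering the top-k would return fewer than k results and, more importantly, lets unauthorized documents consume ranking slots.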
These failures share a root cause: conflating relevance with authorization in agentic systems. In response, we propose a layered isolation architecture that combines policy-aware ingestion, retrieval-time gating, and shared inference. The architecture is enforced through server-side agentic orchestration, which centralizes the security-critical operations:
- Tool execution authorization
- State isolation
- Policy enforcement
Centralizing these operations on the server gives multitenant isolation a single set of enforcement points that a client cannot route around. Client-side frameworks retain control over agent composition and latency-sensitive operations, but they are no longer part of the security boundary.
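As an added example (not OGX's code), here is a minimal server-side orchestrator of the kind described above. It shows the three enforcement points in one place: a tool call proposed by the model is checked against a role policy before execution, every tool receives the tenant from the server-held principal rather than from model-supplied arguments (closing tool-mediated disclosure), and session state is keyed by the authenticated tenant so accumulated context never resolves for another tenant. Tool names, roles, the policy table and the document store are constructed for the illustration.

```python
"""Added example (not OGX's code): a minimal server-side orchestrator that
centralizes tool authorization and per-tenant session state. Tool names,
roles, policy and documents are constructed for the illustration."""
from dataclasses import dataclass, field


class AuthzError(Exception):
    """Raised when a tool call or session lookup fails policy."""


@dataclass(frozen=True)
class Principal:
    tenant: str
    user: str
    roles: frozenset


@dataclass
class Session:
    principal: Principal
    history: list = field(default_factory=list)  # context accumulated server-side


# Constructed shared document store; every tool reads the tenant from the
# server-held principal, never from arguments the model or client supplied.
DOCS = {
    "tenant-a/pricing": ("tenant-a", "Tenant A price list"),
    "tenant-b/roadmap": ("tenant-b", "Tenant B product roadmap"),
}


def fetch_doc(principal, doc_id):
    owner, body = DOCS[doc_id]
    if owner != principal.tenant:
        raise AuthzError(f"{doc_id} belongs to another tenant")
    return body


def send_email(principal, to, body):
    return f"queued mail from {principal.user}@{principal.tenant} to {to}"


TOOLS = {"fetch_doc": fetch_doc, "send_email": send_email}
# Role attribute required to invoke each tool (ABAC on the subject).
TOOL_POLICY = {"fetch_doc": {"reader", "approver"}, "send_email": {"approver"}}


class Orchestrator:
    """The only path from a model's proposed tool call to a tool execution.
    Clients never hold tool credentials, so there is no check to bypass."""

    def __init__(self):
        self._sessions = {}  # keyed by (tenant, session_id)

    def open_session(self, principal, session_id):
        self._sessions[(principal.tenant, session_id)] = Session(principal)

    def _session(self, principal, session_id):
        # Lookup is scoped by the authenticated tenant: a session id leaked or
        # guessed by another tenant resolves to nothing, not to their context.
        session = self._sessions.get((principal.tenant, session_id))
        if session is None:
            raise AuthzError("no such session for this tenant")
        return session

    def handle_tool_call(self, principal, session_id, call):
        """`call` is the model's untrusted proposal: {"name": ..., "arguments": {...}}."""
        session = self._session(principal, session_id)
        name = call.get("name")
        if name not in TOOLS:
            raise AuthzError(f"unknown tool {name!r}")
        if not TOOL_POLICY[name] & principal.roles:
            raise AuthzError(f"{principal.user} lacks a role permitted to call {name}")
        # Drop any identity the model tried to smuggle in as an argument.
        args = {k: v for k, v in dict(call.get("arguments", {})).items()
                if k not in ("principal", "tenant", "user")}
        try:
            result = TOOLS[name](session.principal, **args)
        except TypeError as exc:  # unexpected or missing arguments fail closed
            raise AuthzError(f"bad arguments for {name}: {exc}") from exc
        session.history.append((name, args, result))
        return result


def attempt(orch, principal, session_id, call):
    """Run one call and return ('ok', result) or ('denied', reason)."""
    try:
        return ("ok", orch.handle_tool_call(principal, session_id, call))
    except AuthzError as exc:
        return ("denied", str(exc))


def demo():
    orch = Orchestrator()
    alice = Principal("tenant-a", "alice", frozenset({"reader"}))
    bob = Principal("tenant-b", "bob", frozenset({"reader", "approver"}))
    orch.open_session(alice, "s1")
    orch.open_session(bob, "s9")
    return {
        "own_doc": attempt(orch, alice, "s1", {"name": "fetch_doc", "arguments": {"doc_id": "tenant-a/pricing"}}),
        "cross_tenant": attempt(orch, alice, "s1", {"name": "fetch_doc", "arguments": {"doc_id": "tenant-b/roadmap"}}),
        "smuggled_tenant": attempt(orch, alice, "s1", {"name": "fetch_doc", "arguments": {"doc_id": "tenant-b/roadmap", "tenant": "tenant-b"}}),
        "missing_role": attempt(orch, alice, "s1", {"name": "send_email", "arguments": {"to": "x@example.com", "body": "hi"}}),
        "foreign_session": attempt(orch, bob, "s1", {"name": "fetch_doc", "arguments": {"doc_id": "tenant-a/pricing"}}),
        "bob_ok": attempt(orch, bob, "s9", {"name": "send_email", "arguments": {"to": "x@example.com", "body": "hi"}}),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:16} {outcome}")
```

The design choice worth noting is that the principal is a server-side fact established at authentication and threaded into every tool call; the model's output can name a tool and supply arguments, but it cannot choose whose authority the tool runs under. Session lookup uses the same principal, so context accumulated in one tenant's conversation is unreachable from another tenant's requests even if the session identifier is known.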
To validate the architecture we built OGX, an open-source, vendor-neutral framework that is OpenAI-compatible and provides an open-source implementation of the Responses API with server-side multi-turn orchestration. Our empirical evaluation shows that Attribute-Based Access Control (ABAC) gating at retrieval time significantly reduces cross-tenant data leakage while adding only minimal overhead.
The implications are substantial for enterprises adopting AI under multitenant constraints. By treating authorization as a first-class input to retrieval and tool use, rather than an afterthought applied to relevance-ranked output, the architecture supports deployments that respect both tenant boundaries and regulatory obligations.
As organizations increasingly rely on AI tools, understanding and mitigating the risks of multitenant environments will become paramount. The proposed architecture both strengthens isolation in practice and contributes to the broader discussion of responsible AI use in enterprise settings.
In conclusion, a vendor-neutral, multitenant architecture for retrieval and tool use is not only a technical challenge but a precondition for trustworthy deployment. Placing authorization and isolation on the server, where they cannot be bypassed, lets these systems serve their purpose without exposing sensitive information or eroding user trust.