Enterprise RAG Systems Face Multitenant Security Risks
A recent paper on arXiv (2605.05287) highlights significant security vulnerabilities within Retrieval-Augmented Generation (RAG) and agentic AI systems used in enterprise settings. Unlike consumer or academic environments, enterprises must navigate multiple tenants with diverse data, stringent access regulations, compliance mandates, and cost constraints that necessitate shared infrastructure. The authors pinpoint a critical issue: retrieval systems rank documents by relevance—through semantic similarity, keyword matching, or a combination of both—rather than by authorization. Consequently, a query from one tenant may inadvertently surface another tenant's sensitive document simply because that document ranks highest. The authors trace further issues to the same confusion of relevance with access rights: tool-mediated data exposure, context that accumulates across interactions, and bypass of client-side orchestration. They advocate multitenant architectures that enforce access control during retrieval itself, rather than after the fact.
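The relevance-versus-authorization gap described above, as an added illustration that is not code from the paper: a toy shared vector index holding documents from two tenants, queried three ways. The tenant/role ACL model, the 3-d embeddings and the query vector are constructed assumptions for the demonstration.

```python
from dataclasses import dataclass
from math import sqrt

# Constructed sample index shared by two tenants ("acme", "globex"). Each document
# carries its owning tenant and the roles allowed to read it (assumed ACL model).
@dataclass(frozen=True)
class Doc:
    doc_id: str
    tenant: str
    allowed_roles: frozenset
    vector: tuple  # toy 3-d embedding

CORPUS = [
    Doc("acme-salary",   "acme",   frozenset({"hr"}),          (0.90, 0.10, 0.0)),
    Doc("acme-handbook", "acme",   frozenset({"hr", "staff"}), (0.50, 0.50, 0.0)),
    Doc("globex-salary", "globex", frozenset({"hr"}),          (0.95, 0.05, 0.0)),
    Doc("globex-menu",   "globex", frozenset({"staff"}),       (0.00, 0.20, 0.9)),
]

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    na, nb = sqrt(sum(x * x for x in a)), sqrt(sum(x * x for x in b))
    return dot / (na * nb) if na and nb else 0.0

def rank(docs, query_vec):
    return sorted(docs, key=lambda d: cosine(query_vec, d.vector), reverse=True)

def retrieve_relevance_only(query_vec, k=2):
    """Vulnerable pattern: rank the whole shared index and return the top-k,
    with no regard for which tenant or role is asking."""
    return [d.doc_id for d in rank(CORPUS, query_vec)[:k]]

def retrieve_post_filter(query_vec, tenant, roles, k=2):
    """Weaker fix: take top-k by relevance, then drop what the caller may not read.
    No leak, but authorized documents ranked below k are silently lost."""
    top = rank(CORPUS, query_vec)[:k]
    return [d.doc_id for d in top if d.tenant == tenant and d.allowed_roles & set(roles)]

def retrieve_pre_filter(query_vec, tenant, roles, k=2):
    """Authorization enforced during retrieval: restrict the candidate set to the
    caller's tenant and roles first, then rank only within it."""
    allowed = [d for d in CORPUS if d.tenant == tenant and d.allowed_roles & set(roles)]
    return [d.doc_id for d in rank(allowed, query_vec)[:k]]

if __name__ == "__main__":
    q = (1.0, 0.0, 0.0)  # constructed query embedding, "salary"-like
    print(retrieve_relevance_only(q))                  # ['globex-salary', 'acme-salary']
    print(retrieve_post_filter(q, "acme", {"staff"}))  # []
    print(retrieve_pre_filter(q, "acme", {"staff"}))   # ['acme-handbook']
```

The first call shows the cross-tenant leak (a globex document outranks everything acme owns); the post-filter variant avoids the leak but returns nothing, which is why the filter belongs inside retrieval.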
Key facts
- Paper title: Securing the Agent: Vendor-Neutral, Multitenant Enterprise Retrieval and Tool Use
- Published on arXiv with ID 2605.05287
- Addresses RAG and agentic AI systems in enterprise deployments
- Identifies that retrieval systems rank by relevance, not authorization
- Highlights risks of cross-tenant data leakage
- Discusses tool-mediated disclosure, context accumulation, and client-side bypass
- Proposes vendor-neutral, multitenant architectures
- Emphasizes regulatory compliance and cost pressures in enterprises