Definition
Tenant Isolation in RAG pipelines and AI Agents is the architectural strategy of segregating data, prompts, and memory to prevent cross-contamination between different users or organizations. It balances security and cost by choosing between logical isolation (e.g., metadata filtering within a shared index) or physical isolation (e.g., dedicated indices per tenant).
Focuses on preventing data leakage between vector search results and LLM context windows, rather than general network security.
"A secure hotel where every guest has a unique keycard that only opens their specific room, even though everyone shares the same elevator and lobby."
- Metadata Filtering(Component)
- Vector Namespace(Component)
- RBAC (Role-Based Access Control)(Prerequisite)
Conceptual Overview
Tenant Isolation in RAG pipelines and AI Agents is the architectural strategy of segregating data, prompts, and memory to prevent cross-contamination between different users or organizations. It balances security and cost by choosing between logical isolation (e.g., metadata filtering within a shared index) or physical isolation (e.g., dedicated indices per tenant).
Disambiguation
Focuses on preventing data leakage between vector search results and LLM context windows, rather than general network security.
Visual Analog
A secure hotel where every guest has a unique keycard that only opens their specific room, even though everyone shares the same elevator and lobby.