The knowledge of language models is limited to their training data, and to use language models and artificial ielligence chatbots in special applications, it is necessary to iegrate the desired data io them. RAG technique is used for this purpose. But data security is necessary especially if the data in question are organizational documes and companies.
Protecting RAG frameworks requires coext-based ielligence
However, traditional RAG access corol techniques are not designed to provide coext-based corol. The lack of access corol inhere in RAG poses a significa security risk to companies, as it may allow unauthorized users to access sensitive information. In other words, the RAG method has not been developed for such a wide and sensitive use and does not have a specific mechanism for information classification and access corol.
Role-based access corol (RBAC) lacks the flexibility to accommodate text-based requests, and attribute-based access corol (ABAC) is known for limited scalability and higher maienance costs. What is needed is a more iellige text-based approach to protecting RAG frameworks that does not compromise speed and scale.
Lasso Security saw these limitations in LLM early on and developed Coext-Based Access Corol (CBAC) in response to the challenges of improving text-based access. Lasso Security’s CBAC is notable for its innovative approach to dynamically evaluating the text of all access requests to an LLM. CBAC evaluates requests for access, response, ieraction, behavior change and data to ensure comprehensive security, preve unauthorized access and maiain high security standards within the LLM and RAG frameworks, the company said. The purpose is to ensure that only authorized users can access certain information.
Text-based ielligence helps ensure that chatbots do not expose sensitive information from LLMs, where sensitive information is at risk.
“We try to base our solutions on text,” Ofer Dror, co-founder and chief product officer of Lasso Security, told VeureBeat in a rece ierview. “Where role-based access or property-based access fails is that it’s really looking at something very static, something that’s inherited from somewhere else and something that’s not managed by design.”
“By focusing on the level of knowledge rather than patterns or attributes, CBAC ensures that only the right information reaches the right users, providing a level of accuracy and security that traditional methods cannot match,” says Dror. This innovative approach allows organizations to harness the full power of RAG while maiaining strict access corols, truly revolutionizing the way data is managed and protected.”
What is RAG?
RAG is a technique that enhances the capabilities of Large Language Models (LLM) by giving access to external information sources. This allows LLMs to provide more accurate, releva and up-to-date answers to user queries.
In 2020, researchers from Facebook AI Research, University College London, and New York University published a paper titled “Retrieval-augmeed generation for knowledge-based natural language processing tasks” in which they described RAG as “fitting pre-parametric memory generation models trained with a nonparametric memory through a general fine-tuning approach we call retrieval-augmeed generation (RAG). They built RAG models where the parametric memory is a pre-trained sequence-to-sequence transformer and the non-parametric memory is a dense vector index from Wikipedia accessible by a pre-trained neural retriever.”
“RAG is a practical way to overcome the limitations of large General Language Models (LLM) by making eerprise data and information available for LLM processing,” writes Gartner in its rece report, “Getting Started with Retrieval Augmeed Manufacturing.”
How to lasso security CBAC with RAG designed
Lasso Security has designed CBAC to be used both as a stand-alone solution and as part of other company products. This system can be iegrated with Active Directory or used independely with minimal settings. This flexibility ensures that organizations can adopt CBAC without extensive changes to their LLM infrastructure.
While CBAC is designed as a stand-alone solution, Lasso Security has also designed it to iegrate with its generative AI security suite, which includes employee use of chatbots, apps, ages, digital assistas and iegrated AI-based models. Protects productivity in production environmes. Regardless of how LLMs are deployed, Lasso Security monitors every ieraction involving data transfer to or from the LLM. It also quickly detects any anomalies or violations of organizational policies and ensures a safe and complia environme at all times.
CBAC how does it work
Drover explained that CBAC is designed to coinuously monitor and evaluate a wide range of coextual cues to determine access corol policies and ensure that only authorized users have access to specific information, even in documes and reports that coain related and external data. are from the curre range.
“There are differe ielligences that we use to determine whether this is an anomaly or a legitimate request,” he added. And we will also check the answer from both sides. “But basically if you think about it, it all boils down to whether this person should be asking this question and should this person be getting the answer to this question from the differe types of data that this model is connected to.”
The core of CBAC is a series of supervised machine learning algorithms that coinuously learn and adapt based on coextual insights gained from user behavior patterns and historical data. “The core of our approach is text,” Dror told VeureBeat. who is this person What is his role? Should he ask this question? Should it receive this response? By evaluating these factors, we preve unauthorized access and ensure data security in LLM environmes.”
CBAC It takes on security challenges
“We’re now seeing a lot of companies that have already gone down the road and built a RAG, including designing a RAG chatbot, and now they’re dealing with issues like who can ask what, who can see what, Who can receive what, they are facing.
The exponeial increase in RAG adoption also makes the LLM’s limitations and the problems they pose more urge, says Dror. The illusion and problem of LLM training has also emerged with new data showing how challenging it is to solve the problem of RAG licences. CBAC was inveed to address these challenges and provide coextual insights needed to achieve a more dynamic approach to access corol.
With RAG a cornerstone of organizations’ curre and future LLM strategies and broader AI strategies, text-based ielligence will prove to be a turning poi in how they can be protected and scaled without impacting performance.
source
