A language model's knowledge is limited to its training data, so using language models and AI chatbots in specialized applications requires integrating the relevant data into them. The RAG technique is used for this purpose. But data security is essential, especially when the data in question are the documents of organizations and companies.
Protecting RAG frameworks requires context-based intelligence
However, traditional RAG access control techniques are not designed to provide context-based control. The lack of access control inherent in RAG poses a significant security risk to companies, as it may allow unauthorized users to access sensitive information. In other words, the RAG method was not developed for such wide and sensitive use and has no specific mechanism for information classification and access control.
Role-based access control (RBAC) lacks the flexibility to accommodate context-based requests, and attribute-based access control (ABAC) is known for limited scalability and higher maintenance costs. What is needed is a more intelligent, context-based approach to protecting RAG frameworks that does not compromise speed and scale.
Lasso Security saw these limitations in LLMs early on and developed Context-Based Access Control (CBAC) in response to the challenges of improving context-based access. Lasso Security’s CBAC is notable for its innovative approach of dynamically evaluating the context of all access requests to an LLM. CBAC evaluates requests for access, response, interaction, behavior change and data to ensure comprehensive security, prevent unauthorized access and maintain high security standards within the LLM and RAG frameworks, the company said. The purpose is to ensure that only authorized users can access certain information.
Context-based intelligence helps ensure that chatbots do not expose sensitive information from LLMs where that information is at risk.
“We try to base our solutions on text,” Ofer Dror, co-founder and chief product officer of Lasso Security, told VentureBeat in a recent interview. “Where role-based access or property-based access fails is that it’s really looking at something very static, something that’s inherited from somewhere else and something that’s not managed by design.”
“By focusing on the level of knowledge rather than patterns or attributes, CBAC ensures that only the right information reaches the right users, providing a level of accuracy and security that traditional methods cannot match,” says Dror. “This innovative approach allows organizations to harness the full power of RAG while maintaining strict access controls, truly revolutionizing the way data is managed and protected.”
What is RAG?
RAG is a technique that enhances the capabilities of large language models (LLMs) by giving them access to external information sources. This allows LLMs to provide more accurate, relevant and up-to-date answers to user queries.
In 2020, researchers from Facebook AI Research, University College London, and New York University published a paper titled “Retrieval-augmented generation for knowledge-based natural language processing tasks” in which they described RAG as “fitting pre-parametric memory generation models trained with a nonparametric memory through a general fine-tuning approach we call retrieval-augmented generation (RAG).” They built RAG models where the parametric memory is a pre-trained sequence-to-sequence transformer and the non-parametric memory is a dense vector index from Wikipedia accessible by a pre-trained neural retriever.
“RAG is a practical way to overcome the limitations of general large language models (LLMs) by making enterprise data and information available for LLM processing,” writes Gartner in its recent report, “Getting Started with Retrieval Augmented Generation.”
How Lasso Security designed CBAC with RAG
Lasso Security has designed CBAC to be used both as a stand-alone solution and as part of the company's other products. The system can be integrated with Active Directory or used independently with minimal setup. This flexibility ensures that organizations can adopt CBAC without extensive changes to their LLM infrastructure.
While CBAC is designed as a stand-alone solution, Lasso Security has also designed it to integrate with its generative AI security suite, which covers employee use of chatbots, apps, agents, digital assistants and integrated AI-based models, and protects productivity in production environments. Regardless of how LLMs are deployed, Lasso Security monitors every interaction involving data transfer to or from the LLM. It also quickly detects any anomalies or violations of organizational policies and ensures a safe and compliant environment at all times.
How CBAC works
Dror explained that CBAC is designed to continuously monitor and evaluate a wide range of contextual cues to determine access control policies and ensure that only authorized users have access to specific information, even in documents and reports that contain both relevant data and data outside the current scope.
“There are different intelligences that we use to determine whether this is an anomaly or a legitimate request,” he added. “And we will also check the answer from both sides. But basically if you think about it, it all boils down to whether this person should be asking this question and should this person be getting the answer to this question from the different types of data that this model is connected to.”
The core of CBAC is a series of supervised machine learning algorithms that continuously learn and adapt based on contextual insights gained from user behavior patterns and historical data. “The core of our approach is text,” Dror told VentureBeat. “Who is this person? What is his role? Should he ask this question? Should he receive this response? By evaluating these factors, we prevent unauthorized access and ensure data security in LLM environments.”
CBAC takes on security challenges
“We’re now seeing a lot of companies that have already gone down the road and built a RAG, including designing a RAG chatbot, and now they’re facing issues like who can ask what, who can see what, who can receive what.”
The exponential increase in RAG adoption also makes LLMs’ limitations and the problems they pose more urgent, says Dror. The problems of hallucination and of training LLMs with new data have also emerged, showing how challenging it is to solve RAG's permissions problem. CBAC was invented to address these challenges and provide the contextual insights needed to achieve a more dynamic approach to access control.
With RAG a cornerstone of organizations’ current and future LLM strategies and broader AI strategies, context-based intelligence will prove to be a turning point in how they can be protected and scaled without impacting performance.
Source: RCO NEWS