Retrieval-Augmented Generation and agentic AI are increasingly common in enterprise deployments, but real enterprise environments introduce challenges largely absent from academic treatments and consumer-facing APIs: multiple tenants with heterogeneous data, strict access-control requirements, regulatory compliance, and cost pressures that demand shared infrastructure.
This paper identifies a fundamental problem underlying existing RAG architectures in these settings. Retrieval systems rank documents by relevance, not by authorization, so a query from one tenant can surface another tenant’s confidential data simply because it scores highest. The authors formalize this relevance-authorization gap alongside related shortcomings (tool-mediated disclosure, context accumulation across turns, client-side orchestration bypass) and introduce a layered isolation architecture combining policy-aware ingestion, retrieval-time gating, and shared inference, enforced through server-side orchestration. They validate it through an open-source implementation in OGX, a vendor-neutral OpenAI-compatible Responses API, showing empirically that ABAC gating eliminates cross-tenant leakage while introducing negligible overhead.
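To make the relevance-authorization gap concrete, here is an added example (not code from the paper or from OGX) that ranks a constructed toy corpus with and without attribute-based gating applied before ranking. The attribute names `tenant`, `level` and `clearance`, the policy rule, and the 3-dimensional vectors are all assumptions for illustration.

```python
from dataclasses import dataclass
from math import sqrt


@dataclass
class Chunk:
    doc_id: str
    vector: tuple   # toy embedding (constructed)
    attrs: dict     # policy attributes attached at ingestion (hypothetical schema)


# Constructed sample corpus shared by two tenants on one index.
CORPUS = [
    Chunk("acme-pricing",   (0.9, 0.1, 0.0), {"tenant": "acme",   "level": 2}),
    Chunk("acme-handbook",  (0.2, 0.9, 0.1), {"tenant": "acme",   "level": 1}),
    Chunk("globex-pricing", (0.7, 0.3, 0.1), {"tenant": "globex", "level": 1}),
    Chunk("globex-board",   (0.8, 0.2, 0.0), {"tenant": "globex", "level": 3}),
]


def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (sqrt(sum(x * x for x in a)) * sqrt(sum(y * y for y in b)))


def authorized(subject, attrs):
    # Hypothetical ABAC rule: same tenant AND sufficient clearance.
    return subject["tenant"] == attrs["tenant"] and subject["clearance"] >= attrs["level"]


def retrieve_ungated(query_vec, k):
    # Relevance only: the caller's identity never enters the ranking.
    ranked = sorted(CORPUS, key=lambda c: cosine(query_vec, c.vector), reverse=True)
    return [c.doc_id for c in ranked[:k]]


def retrieve_gated(subject, query_vec, k):
    # Retrieval-time gating: drop unauthorized chunks BEFORE ranking, so they
    # can never occupy a top-k slot or reach the model's context.
    allowed = [c for c in CORPUS if authorized(subject, c.attrs)]
    ranked = sorted(allowed, key=lambda c: cosine(query_vec, c.vector), reverse=True)
    return [c.doc_id for c in ranked[:k]]


def leaked(subject, doc_ids):
    # Audit helper: which returned chunks is this subject not entitled to see?
    by_id = {c.doc_id: c for c in CORPUS}
    return [d for d in doc_ids if not authorized(subject, by_id[d].attrs)]
```

For a low-clearance user of one tenant asking a pricing-like query, the ungated top-2 consists entirely of chunks that user may not see, while the gated path returns fewer than `k` results rather than backfilling with unauthorized ones.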
The discussion will be led by Francisco Javier Arceo, co-author of the paper, joined by co-hosts David DeStefano, Rohan Prasad, and Valdimar Eggertsson, and moderated by Arthur Coleman. They will walk through the problem, the architecture, and the benchmarks, dig into the open-source framework, and open up to a live audience Q&A.
Speakers
Francisco Javier Arceo
Senior Principal Software Engineer @ Red Hat
David DeStefano
Staff Engineer @ EvolutionIQ
Valdimar Eggertsson
AI Development Team Lead @ Snjallgögn (Smart Data inc.)
Rohan Prasad
AI/Data/ML Platforms @ EvolutionIQ
Arthur Coleman
CEO @ Online Matters
Agenda
From 5:30 PM to 6:30 PM GMT
Tags: Reading Group
Securing the Agent: Vendor-Neutral, Multitenant Enterprise Retrieval and Tool Use