Lasso Security Unveils The First Context-Based Access Control for Enhanced RAG Security

The Lasso Team
Monday, August 8
3 min read

Lasso Security to Unveil Access Control and Data Leak Prevention in the GenAI Age with Easy-to-Use Solution Integrated into the Lasso Security Suite

Tel Aviv (August 5, 2024) Lasso Security, a Generative AI security solution company, announces a new approach to access control in the new GenAI age. Context-Based Access Control (CBAC) allows customers to set up access control management and sensitive data leak prevention with only a few clicks.

Retrieval-Augmented Generation (RAG) is an innovative technique that enhances the capabilities of Large Language Models (LLMs) by integrating them with external data sources. This approach retrieves relevant documents to provide additional context, significantly improving the accuracy and relevance of LLM outputs without the need for retraining. However, RAG's lack of native access control poses a significant security risk for enterprises as it could allow unauthorized users to access sensitive information.

Current access control methods, like Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC), enhance security by restricting access based on roles, permissions, or attributes. However, in the world of RAG, these methods often lead to increased system complexity, data duplication, and slower query performance. They also require meticulous implementation and ongoing maintenance, making them challenging to scale and manage effectively.

To address this issue, Lasso developed the first Context-Based Access Control (CBAC) for RAG applications, which focuses on the context of both requests and responses. CBAC ensures only authorized users access specific information, preventing unauthorized exposure and handling documents with mixed relevant and out-of-scope information. This innovative approach offers organizations a higher level of security and control, managing data access in a context-aware and efficient manner.

With Context-Based Access Control (CBAC) you can:

  • Precisely Manage Access: Ensure that only authorized users can access specific pieces of information based on the context of their request.
  • Prevent Unauthorized Information Exposure: Block sensitive information from being retrieved and displayed to users who shouldn’t see it, even if they have broader permissions.
  • Handle Nuanced Data: Manage documents that contain both relevant and out-of-scope information by evaluating the context of each request.

“CBAC is a game-changer in the world of context-aware data security. By focusing on the knowledge level and not patterns or attributes, CBAC ensures that only the right information reaches the right users, providing a level of precision and security that traditional methods can't match,” noted Ophir Dror, Lasso Security CPO & Co-Founder. “This innovative approach allows organizations to harness the full power of Retrieval-Augmented Generation (RAG) while maintaining stringent access controls, truly revolutionizing how we manage and protect data.”

These new access control and data leak prevention features are integrated into Lasso’s GenAI security suite, which protects employees' use of GenAI-based chatbots, applications, agents, code assistants, and models integrated into production environments. Regardless of how LLMs are deployed, Lasso monitors every interaction involving data transfer to or from the LLM. It swiftly identifies any anomalies or violations of organizational policies, ensuring a secure and compliant environment at all times.

In the following example, we demonstrate how Context-Based Access Control (CBAC) is implemented within a company, using free-form text to enforce access control and security policies. A member of the finance team interacting with a GenAI tool is blocked from accessing information not related to their department. In contrast, an R&D member asking the same questions of the same GenAI tool is allowed access to the information.

Read the full article about RAG Security to understand what it is and how it works: https://www.lasso.security/blog/riding-the-rag-trail-access-permissions-and-context

About Lasso Security

Lasso Security is pioneering LLM cybersecurity by safeguarding every LLM touchpoint, ensuring comprehensive protection for businesses leveraging generative AI and other large language model technologies. Through a combination of deep expertise and creative problem-solving, Lasso empowers organizations to securely integrate and deploy LLMs in production environments.