Vector DB
Vector database: stores the embeddings queried by the retriever.
Plane: Execution & Tools
Flow steps: 7
Frameworks: OWASP LLM08 · NIST 800-53
Type: Technology
Why use it: store and query embeddings efficiently for semantic search.
Why it matters to security: embeddings can leak sensitive data (inversion) and be poisoned; multi-tenant isolation and encryption are essential.
Implementations: pgvector, Pinecone, Qdrant, Weaviate, Milvus
An embedding is not anonymous: it can be inverted back to source data.
Recommendations by maturity tier
Foundation (minimum viable baseline)
- Vector encryption at rest and in transit (NIST 800-53 SC-28, SC-8): embeddings derive from real, sometimes sensitive data.
- Strict multi-tenant partitioning (NIST 800-53 SC-4, AC-3): a shared index leaks data between customers.
- Database access authentication (NIST 800-53 IA-9): no anonymous queries on the index.
Enterprise (enterprise standard)
- Permission metadata stored with the vectors (NIST 800-53 AC-16): permission filtering happens at query time, not after.
- Index integrity, anti-poisoning (NIST 800-53 SI-7; OWASP LLM08:2025): malicious insertions into the index are detected.
- Vector-query logging (NIST 800-53 AU-2): anomalous query patterns become visible.
Advanced (high-assurance / regulated)
- Defense against embedding inversion (NIST 800-53 SC-28; OWASP LLM08:2025): limit what an attacker can reconstruct from the vectors.
- Insertion/query anomaly detection (NIST 800-53 SI-4): a wave of suspicious insertions triggers an alert.
- Verified backup and restore (NIST 800-53 CP-9): the index can be restored after corruption.
Architecture notes
- Filter by permission INSIDE the vector query. Filtering afterward lets forbidden results leak. Store authorization metadata with the vectors and apply it at query time.
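Worked example of the pre-filter pattern, added here and not part of the reference page: an in-memory stand-in for the index, with the equivalent pgvector WHERE clause in the docstring. Chunk, Principal, the tenant and group names and the 3-dimensional embeddings are constructed for illustration.

```python
"""Permission-aware vector search: the ACL is stored with each vector and
enforced inside the nearest-neighbour scan, so chunks the caller may not see
never enter the candidate set. Constructed example; an in-memory list stands
in for the index. In pgvector the same pre-filter is the WHERE clause:
  SELECT doc_id FROM chunks WHERE tenant_id = $1 AND allowed_groups && $2
  ORDER BY embedding <=> $3 LIMIT $4;   -- filtered before ranking
"""
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Chunk:
    doc_id: str
    tenant_id: str             # partition key: strict multi-tenant isolation
    allowed_groups: frozenset  # ACL stored next to the embedding (AC-16)
    embedding: tuple

@dataclass(frozen=True)
class Principal:
    tenant_id: str
    groups: frozenset

def cosine(a, b):
    return sum(x * y for x, y in zip(a, b)) / (math.hypot(*a) * math.hypot(*b))

def authorized(chunk, who):
    # Tenant match is mandatory; then at least one shared group.
    return chunk.tenant_id == who.tenant_id and bool(chunk.allowed_groups & who.groups)

def search_prefilter(index, query, who, k):
    """Recommended: filter inside the scan, rank only authorized chunks."""
    candidates = [c for c in index if authorized(c, who)]
    ranked = sorted(candidates, key=lambda c: cosine(c.embedding, query), reverse=True)
    return [c.doc_id for c in ranked[:k]]

def search_postfilter(index, query, who, k):
    """Anti-pattern: rank everything, take top-k, then drop forbidden rows.
    Returns (visible, fetched): 'fetched' is what left the store before the
    check ran; forbidden rows also consume the k slots, starving real hits."""
    top = sorted(index, key=lambda c: cosine(c.embedding, query), reverse=True)[:k]
    return [c.doc_id for c in top if authorized(c, who)], [c.doc_id for c in top]

# Constructed index: two tenants, 3-dimensional embeddings for readability.
INDEX = [
    Chunk("acme-public", "acme", frozenset({"all"}), (0.9, 0.1, 0.0)),
    Chunk("acme-hr", "acme", frozenset({"hr"}), (1.0, 0.0, 0.0)),
    Chunk("globex-secret", "globex", frozenset({"all"}), (0.95, 0.05, 0.0)),
    Chunk("acme-eng", "acme", frozenset({"eng"}), (0.5, 0.5, 0.0)),
]
QUERY = (1.0, 0.0, 0.0)
ALICE = Principal("acme", frozenset({"all", "eng"}))
```

With k=2 the pre-filter returns acme-public and acme-eng, while the post-filter returns nothing visible and has already pulled acme-hr and the other tenant's globex-secret out of the store.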
References
- OWASP LLM08:2025, Vector & Embedding Weaknesses: inversion, poisoning, cross-tenant leakage.
- NIST SP 800-53 Rev5: SC-28, SC-8, SC-4, AC-16, SI-7 (Integrity), IA-9, CP-9.
Abbreviations
- PDP: Policy Decision Point
- PEP: Policy Enforcement Point
- PIP: Policy Information Point
- PAP: Policy Administration Point
- IdP: Identity Provider
- TSS: Token Service
- NHI: Non-Human Identity
- RBAC: Role-Based Access Control
- ABAC: Attribute-Based Access Control
- MFA: Multi-Factor Authentication
- HITL: Human-in-the-loop
- JIT: Just-In-Time
- CAE: Continuous Access Evaluation
- CAEP: Continuous Access Evaluation Profile
- DPoP: Demonstrating Proof-of-Possession
- mTLS: mutual TLS
- PII: Personally Identifiable Information
- KMS: Key Management Service
- CI/CD: Continuous Integration / Continuous Delivery
- SIEM: Security Information and Event Management
- SOAR: Security Orchestration, Automation and Response
- SCIM: System for Cross-domain Identity Management
- XACML: eXtensible Access Control Markup Language
- OPA: Open Policy Agent
- OWASP: Open Worldwide Application Security Project
- NIST: National Institute of Standards and Technology
- ATLAS: Adversarial Threat Landscape for Artificial-Intelligence Systems
- LLM: Large Language Model
- WAF: Web Application Firewall
- CDN: Content Delivery Network
- DDoS: Distributed Denial of Service
- DLP: Data Loss Prevention
- JWT: JSON Web Token
- API: Application Programming Interface
- CRS: Core Rule Set (OWASP)
- RAG: Retrieval-Augmented Generation
- MCP: Model Context Protocol
- PBAC: Permission-Based Access Control
- HSM: Hardware Security Module
- UEBA: User and Entity Behavior Analytics
- SBOM: Software Bill of Materials
- SLSA: Supply-chain Levels for Software Artifacts
- WORM: Write Once, Read Many
- SPIFFE: Secure Production Identity Framework For Everyone