New AuthZed tools enforce permissions in RAG and Agentic AI systems – News

Permissions management startup AuthZed Inc. today announced new support for Retrieval-Augmented Generation and Agentic AI systems, expanding its authorization infrastructure to address security challenges in enterprise artificial intelligence.

The expanded support is designed to give engineering teams the tools they need to ensure that AI systems respect permissions, prevent data leaks and maintain complete audit trails.

The expansion seeks to assist with a growing issue – as more organizations develop AI products or implement Agents, they are facing new challenges around authorization. Due to large language models and agents interacting with proprietary data, acting on behalf of users and retrieving information across tenants, AuthZed argues that traditional authorization is not equipped to handle this complexity.

AuthZed addresses the issue by using its open-source permissions system, SpiceDB, to support RAG and Agentic AI. SpiceDB, based on Google’s internal permission system, Zanzibar, was built for scale and complexity and can scale to trillions of access control lists and millions of authorization checks per second. AuthZed says that supporting AI is a natural evolution for the system.

“Customers… come to AuthZed to help make their AI projects a reality,” explains Jake Moshenko, chief executive officer of AuthZed. “Since SpiceDB is based on Google Zanzibar, it is really the only authorization solution that can provide the scale AI needs. Our official support of RAG and Agentic AI provides the authorization that makes enterprise AI secure and scalable.”

AI systems using RAG become more powerful when leveraging proprietary knowledge bases, but this also introduces complex access control requirements. AuthZed addresses this challenge by ensuring that only authorized data is retrieved, embedded and displayed to users throughout the RAG process.

Using AuthZed, teams can enforce access control by pre-filtering documents before embedding them, post-filtering vector search results to exclude restricted content and synchronizing permissions in real time with platforms like Google Workspace and SharePoint. The controls allow organizations to build secure, high-performance RAG systems that minimize the risk of data leaks.

On the Agentic AI front, AuthZed’s Agentic AI Authorization Model is designed to manage what agents can do by aligning their capabilities with the permissions of the users they act on behalf of.

The model includes functionality control to limit access to tools or application programming interfaces, permission inheritance to scope agent behavior and autonomy oversight with approval workflows and audit logs.

AuthZed is a venture capital-backed startup that has raised $15.9 million over two rounds, including a round of $12 million in April 2024. Investors in the company include General Catalyst Group Management, Work-Bench Ventures Management, Y Combinator Management and Amplify Partners LP

Image: News/Reve