What is the difference between RAG and CAG security in this skill?

RAG (Retrieval-Augmented Generation) focuses on securing the retrieval process from external vector databases, while CAG (Cache-Augmented Generation) focuses on securing data stored in long-term context caches. This skill provides patterns to handle isolation and access for both.

How does the skill handle multi-tenant isolation?

It provides implementation patterns for namespace isolation, metadata filtering (tenant_id) at query time, and the use of separate collections to ensure data from one tenant is never accessible by another.

Does it support document-level permissions?

Yes, the skill includes patterns for mapping user groups and clearance levels to document classification and access groups, ensuring a 'need-to-know' basis for all retrieved information.

Can this skill help prevent prompt injection?

Yes, it includes sanitization logic to clean retrieved context chunks of potential instruction patterns and escape special characters before they are included in the final prompt sent to the LLM.

RAG/CAG Security Patterns

Name: RAG/CAG Security Patterns
Author: jpoutrin

byjpoutrin

•

Security & Testing

Secures retrieval-augmented and cache-augmented generation systems through multi-tenant isolation, document-level access control, and prompt injection prevention.

About

This skill provides specialized security architecture patterns and implementation strategies for RAG and CAG systems. It addresses the unique security challenges of AI-driven data retrieval, including robust multi-tenant isolation using namespace or metadata filtering, granular document-level permissions, and defensive sanitization techniques to prevent prompt injection. It is an essential tool for developers building enterprise-grade AI applications that require strict data privacy, secure handling of confidential information, and multi-user environment safety.

Key Features

Multi-tenant isolation strategies including namespace and metadata filtering
Granular document-level access control and classification patterns
Comprehensive security implementation checklist for production readiness
2 GitHub stars
Pre-defined data classification levels for varying sensitivity needs
Automated prompt injection prevention through context sanitization

Use Cases

Implementing clearance-based data retrieval for secure internal AI chatbots
Building a multi-tenant enterprise knowledge base with strict data silos
Sanitizing retrieved context to prevent indirect prompt injection attacks

About

Key Features

Multi-tenant isolation strategies including namespace and metadata filtering
Granular document-level access control and classification patterns
Comprehensive security implementation checklist for production readiness
2 GitHub stars
Pre-defined data classification levels for varying sensitivity needs
Automated prompt injection prevention through context sanitization

Use Cases

Implementing clearance-based data retrieval for secure internal AI chatbots
Building a multi-tenant enterprise knowledge base with strict data silos
Sanitizing retrieved context to prevent indirect prompt injection attacks