Missing role-based access control, encryption at rest, or audit logging on the vector store allows unauthorized retrieval, modification, or undetected exfiltration of embeddings derived from sensitive internal data.
Vector-store access-control, encryption, and audit gaps
CCC.MARefArc.TH05
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.MARefArc.CP13 | Vector-based semantic retrieval | Vector databases providing semantic search and grounding so agents can find relevant information from large text corpora. |
Related Controls
| ID | Title | Description |
|---|---|---|
| CCC.MARefArc.CN04 | Data Quality and Classification | Assess the quality of, and assign classification and sensitivity labels to, all data used for grounding, training, and fine-tuning, and enforce handling rules derived from those labels throughout the Knowledge and LLM layers. |
| CCC.MARefArc.CN09 | Encryption of AI Data at Rest | Encrypt AI data at rest, including the vector store and source repositories, so that storage-level access does not expose embeddings or sensitive content. |
| CCC.MARefArc.CN22 | Preserving Source Data Access Controls in AI Systems | Propagate the access controls of source data into the retrieval path so that retrieval and generation cannot expose content a requesting user is not authorized to see. |
External Mappings
| Framework | ID | Remarks |
|---|---|---|
| air-vec | AIR-SEC-002-04 | |
| air-vec | AIR-SEC-002-05 | |