Propagate the access controls of source data into the retrieval path so that retrieval and generation cannot expose content a requesting user is not authorized to see.
Preserving Source Data Access Controls in AI Systems
CCC.MARefArc.CN22 · DET
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.MARefArc.CP21 | Human supervision and oversight | Mechanisms for human reviewers to inspect, approve, correct, or override agent outputs, supporting human-in-the-loop and human-over-the-loop workflows for sensitive or high-impact tasks. |
| CCC.MARefArc.CP05 | Agent-ingress zero-trust guardrails | Treats all inputs as untrusted and enforces authentication, authorization, input validation, content filtering, access control, rate limits, and dynamic policy before any request reaches an agent. |
| CCC.MARefArc.CP02 | Human-in-the-loop output review | Application-embedded controls that allow users to review, approve, or modify agent outputs before they are executed or shared. |
| CCC.MARefArc.CP13 | Vector-based semantic retrieval | Vector databases providing semantic search and grounding so agents can find relevant information from large text corpora. |
Related Threats
| ID | Title | Description |
|---|---|---|
| CCC.MARefArc.TH25 | Non-compliant outputs and model-risk-management gaps | AI-generated advice, marketing, or communications that fail KYC, suitability, disclosure, record-keeping, or model-risk-management expectations create regulatory exposure; weak supervision and accountability lines turn this into direct non-compliance. |
| CCC.MARefArc.TH03 | Embedding inversion and membership inference on the vector store | Vectors stored for semantic retrieval can be inverted to reconstruct original source text, or probed to infer whether specific confidential information is present, exposing PII or proprietary content held in the knowledge layer. |
| CCC.MARefArc.TH04 | Embedding-store poisoning degrades retrieved context | An actor with write access injects malicious or misleading embeddings into the vector store, degrading the accuracy of retrieved grounding context; the dense numerical representation makes the tampering hard to detect. |
| CCC.MARefArc.TH05 | Vector-store access-control, encryption, and audit gaps | Missing role-based access control, encryption at rest, or audit logging on the vector store allows unauthorized retrieval, modification, or undetected exfiltration of embeddings derived from sensitive internal data. |
Assessment Requirements
| ID | Text | Applicability |
|---|---|---|
| CCC.MARefArc.CN22.AR01 | Retrieval MUST enforce the access controls of the underlying source data for the requesting principal. | tlp-clear, tlp-green, tlp-amber, tlp-red |
| CCC.MARefArc.CN22.AR02 | Embeddings and retrieved context MUST be filtered by the requester's entitlements before being supplied to the model. | tlp-clear, tlp-green, tlp-amber, tlp-red |
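
As an added example that is not part of the CCC catalogue or any reference implementation: a minimal Python retriever showing the leaky (unfiltered) path beside the control-compliant one, with the requester's entitlements applied before ranking (AR01) and re-checked before context is handed to the model (AR02). The `Chunk` and `Principal` types, the store contents and the 2-d embeddings are all constructed for illustration.

```python
from dataclasses import dataclass
import math

@dataclass(frozen=True)
class Chunk:
    doc_id: str
    text: str
    allowed_groups: frozenset  # ACL copied from the source document at ingestion
    embedding: tuple           # toy 2-d vector standing in for a real embedding

@dataclass(frozen=True)
class Principal:
    user: str
    groups: frozenset          # entitlements resolved for this request by the IdP

def cosine(a, b):
    return sum(x * y for x, y in zip(a, b)) / (math.hypot(*a) * math.hypot(*b))

def rank(chunks, query_vec, k):
    return sorted(chunks, key=lambda c: -cosine(query_vec, c.embedding))[:k]

def retrieve_unfiltered(store, query_vec, k):
    # Ranks over the whole store; the ACL stored with each chunk is never consulted,
    # so the top hit can be a document the requester may not read.
    return rank(store, query_vec, k)

def retrieve_entitled(store, principal, query_vec, k):
    # AR01: pre-filter to chunks the principal is entitled to, then rank only those.
    visible = [c for c in store if c.allowed_groups & principal.groups]
    return rank(visible, query_vec, k)

def build_context(chunks, principal):
    # AR02: re-check entitlements immediately before the text reaches the model,
    # and fail closed instead of silently including an unauthorized chunk.
    for c in chunks:
        if not (c.allowed_groups & principal.groups):
            raise PermissionError(f"{principal.user} is not entitled to {c.doc_id}")
    return "\n\n".join(f"[{c.doc_id}] {c.text}" for c in chunks)

# Constructed sample data: two chunks whose source documents carry different ACLs.
STORE = [
    Chunk("hr-policy", "Leave policy: 25 days annual leave.", frozenset({"all-staff"}), (1.0, 0.1)),
    Chunk("fin-q3", "Q3 forecast (restricted to finance leadership).", frozenset({"finance-leads"}), (0.9, 0.3)),
]
ENGINEER = Principal("alice", frozenset({"all-staff", "engineering"}))
QUERY = (0.8, 0.4)  # constructed query embedding; closest to the restricted chunk

if __name__ == "__main__":
    print(build_context(retrieve_entitled(STORE, ENGINEER, QUERY, 2), ENGINEER))
```

Pre-filtering before ranking matters: filtering only the top-k after ranking can return an empty context even when entitled chunks exist further down the list.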
Guideline Mappings
| Framework | ID | Remarks |
|---|---|---|
| finos-air | AIR-DET-016 | |