
Securing the Agent: Vendor-Neutral, Multitenant Enterprise Retrieval and Tool Use

arXiv – CS AI | Francisco Javier Arceo, Varsha Prasad Narsing

AI Summary

Researchers present a layered security architecture for multitenant enterprise AI systems that isolates tenant data and enforces access control in retrieval-augmented generation (RAG) and agentic AI deployments. The approach moves security-critical operations to the server, preventing cross-tenant data leakage, and is validated through the open-source OGX framework with negligible performance overhead.

Analysis

The paper addresses a critical infrastructure gap in enterprise AI deployments where existing RAG systems prioritize relevance ranking over authorization controls. Traditional architectures rank documents by semantic similarity or keyword matching without access-control validation, creating a fundamental security vulnerability where one tenant's query could expose another tenant's confidential data. This problem intensifies with agentic AI systems that compound risks through tool-mediated disclosures and context accumulation across conversation turns.

The research builds on growing awareness that academic RAG solutions and consumer APIs fail to accommodate real enterprise constraints: multiple isolated tenants, strict regulatory compliance requirements, and cost pressures demanding infrastructure sharing. Current implementations often push orchestration to client-side frameworks, creating enforcement blind spots where authorization policies cannot be reliably validated.

The proposed solution implements a three-tier defense: policy-aware data ingestion, retrieval-time access gating using attribute-based access control (ABAC), and centralized server-side orchestration. By moving security-critical operations—tool execution authorization and state isolation—to the server, the architecture creates natural enforcement points while allowing client frameworks flexibility on agent composition and latency optimization.

The OGX implementation demonstrates this balance through an OpenAI-compatible API with server-side multi-turn orchestration. Empirical validation shows ABAC gating eliminates cross-tenant data leakage with negligible performance degradation. This work signals growing maturity in enterprise AI infrastructure, suggesting vendors and organizations will increasingly prioritize security-by-architecture rather than treating it as an afterthought in production systems.

Key Takeaways
  • Current RAG systems rank documents by relevance rather than authorization, creating cross-tenant data leakage vulnerabilities in shared enterprise infrastructure
  • Server-side agentic orchestration with centralized security enforcement prevents tool-mediated disclosure and context accumulation attacks across tenants
  • ABAC gating at retrieval time eliminates cross-tenant leakage with negligible performance overhead in production deployments
  • The OGX framework provides vendor-neutral, open-source implementation of secure multitenant RAG compatible with OpenAI APIs
  • Enterprise AI deployments increasingly require architecture-level security separation distinct from consumer-facing academic RAG solutions
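A minimal illustration of the retrieval-time ABAC gating described in the analysis and the takeaways above, added here as an example and not code from the paper or from OGX: the document attributes (tenant, classification, groups), the principal fields and the term-overlap scorer are assumptions chosen for the demonstration. It contrasts a ranking-only retriever, which returns another tenant's document for a relevant query, with a gate-then-rank retriever in which unauthorized documents never enter the candidate set.

```python
from dataclasses import dataclass

LEVELS = {"public": 0, "internal": 1, "restricted": 2}

@dataclass(frozen=True)
class Doc:
    doc_id: str
    text: str
    tenant: str                        # owning tenant, stamped at ingestion (assumed attribute)
    classification: str                # key into LEVELS (assumed attribute)
    groups: frozenset = frozenset()    # empty = any group inside the tenant may read

@dataclass(frozen=True)
class Principal:
    tenant: str
    groups: frozenset
    clearance: int                     # highest LEVELS value this principal may read

def relevance(query: str, doc: Doc) -> float:
    """Toy term-overlap score standing in for embedding similarity."""
    q, d = set(query.lower().split()), set(doc.text.lower().split())
    return len(q & d) / (len(q) or 1)

def permitted(p: Principal, doc: Doc) -> bool:
    """ABAC decision: tenant boundary, then classification ceiling, then group membership."""
    if doc.tenant != p.tenant or LEVELS[doc.classification] > p.clearance:
        return False
    return not doc.groups or bool(doc.groups & p.groups)

def retrieve_ranked_only(query: str, index: list, k: int = 3) -> list:
    """Baseline: rank by relevance alone, with no authorization step."""
    ranked = sorted(index, key=lambda d: relevance(query, d), reverse=True)
    return [d.doc_id for d in ranked[:k]]

def retrieve_gated(query: str, p: Principal, index: list, k: int = 3) -> list:
    """Gate, then rank: documents the principal may not read never become candidates."""
    candidates = [d for d in index if permitted(p, d)]
    ranked = sorted(candidates, key=lambda d: relevance(query, d), reverse=True)
    return [d.doc_id for d in ranked[:k]]

INDEX = [  # constructed sample corpus shared by two tenants, acme and globex
    Doc("a1", "acme merger plan with competitor", "acme", "restricted", frozenset({"exec"})),
    Doc("a2", "acme merger faq for staff", "acme", "internal"),
    Doc("b1", "globex merger plan leaked draft", "globex", "restricted", frozenset({"exec"})),
    Doc("b2", "globex holiday policy", "globex", "public"),
]
```

For the query "merger plan", an acme staff principal gets ["a1", "b1", "a2"] from the ranking-only retriever (a globex document and an exec-only document) but only ["a2"] once gating runs before ranking.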