AI Orchestrators vs Gateco: Workflow vs Retrieval Control
An orchestrator decides which agents and steps run. Gateco decides what an agent can retrieve. Different layers, and retrieval is where RAG leaks.
6 posts
An orchestrator decides which agents and steps run. Gateco decides what an agent can retrieve. Different layers, and retrieval is where RAG leaks.
Cerbos is a generic authorization engine. Gateco is a retrieval-specific security layer for RAG. They solve different problems, and can be used together.
pgvector Row Level Security is the most common DIY RAG auth pattern. When it works, when it breaks, and the five triggers that make teams outgrow it.
Azure AI Search is a managed search platform; pgvector, Pinecone, and Qdrant are retrieval primitives. The choice shapes your RAG architecture and governance.
Metadata filters are the most common approach to RAG access control, and fundamentally insufficient. Why they can't replace a dedicated permission layer.
Four approaches to RAG authorization compared: no auth, metadata filters, app-layer RBAC, and a dedicated permission layer. Pros, cons, and when each fits.