Insights on AI retrieval security, RAG authorization, and data governance.
Cerbos is a well-designed generic authorization engine. Gateco is a retrieval-specific security layer built for AI and RAG pipelines. They solve different problems and can be used together. Here is when to choose each.
Read full article →pgvector Row Level Security is the most common DIY pattern for RAG authorization. Here is when it works, when it breaks, and the five triggers that make teams outgrow it, usually within 6 to 12 months.
Read more →Azure AI Search is a managed search platform. pgvector, Pinecone, and Qdrant are retrieval primitives. The choice shapes your RAG architecture, and your governance options, more than most teams realize.
Read more →Metadata filters are the most common approach to RAG access control. They're also fundamentally insufficient. Here's why app-level filtering can't replace a dedicated permission layer.
Read more →Four approaches to RAG authorization, compared: no auth, metadata filters, app-layer RBAC, and a dedicated permission layer. Pros, cons, and when each makes sense.
Read more →Get started with Gateco in minutes. Free tier includes 100 secured retrievals per month.