When a policy evaluation hits an error — timeout, missing metadata, misconfigured condition — Gateco denies the retrieval and logs the decision. Here is why fail-closed is the right default, how to read error-deny events, and when fail-open is appropriate.
Google has two distinct retrieval products under the Vertex AI brand. Vector Search (formerly Matching Engine) is a managed ANN index. Vertex AI Search is a full Discovery Engine service with keyword, hybrid, and listing capabilities. Gateco supports both — here is when to use each.
The Gateco MCP server gives Claude Desktop, Cursor, and any MCP-compatible host policy-enforced access to your vector knowledge bases. It exposes six tools with markdown-only output, and denied content never surfaces. Retrieval tools are available on all plans; Grounded Answers requires Growth+.
Gateco now supports 1-hop relationship-based access control: policies can check whether a principal has a named relationship to a resource. Owner, assignee, project member — any relationship you define. Here is how it works and when to use it over RBAC and ABAC.
Cerbos is a well-designed generic authorization engine. Gateco is a retrieval-specific security layer built for AI and RAG pipelines. They solve different problems — and can be used together. Here is when to choose each.
pgvector Row Level Security is the most common DIY pattern for RAG authorization. Here is when it works, when it breaks, and the five triggers that make teams outgrow it — usually within 6 to 12 months.
The most common question about adding an authorization layer to RAG: "How much latency does it add?" Here is exactly how Gateco achieves <25ms p95 policy overhead, what drives variance across connectors, and what happens when the policy engine is slow.
Azure AI Search is a managed search platform. pgvector, Pinecone, and Qdrant are retrieval primitives. The choice shapes your RAG architecture — and your governance options — more than most teams realize.
DIY RAG authorization requires a policy engine, metadata resolution, audit logging, connector adapters, and identity sync. Here's what it actually takes to build it yourself.