Blog

When a policy evaluation hits an error — timeout, missing metadata, misconfigured condition — Gateco denies the retrieval and logs the decision. Here is why fail-closed is the right default, how to read error-deny events, and when fail-open is appropriate.

Gateco now supports 1-hop relationship-based access control: policies can check whether a principal has a named relationship to a resource. Owner, assignee, project member — any relationship you define. Here is how it works and when to use it over RBAC and ABAC.

Every RAG pipeline your engineering team ships creates a new access surface that bypasses application-layer authorization. Here is how to close the gap — in security language, not developer language.

A summary of everything that shipped this month: relationship-based access control, API key authentication, SDK v1.0, and our new Trust Center.

Azure AI Search gives you world-class hybrid retrieval. Gateco decides who's allowed to see the results. Here's why enterprise RAG needs both — and how they compose.

Azure AI Search has powerful retrieval capabilities. But for enterprises with compliance requirements, it leaves three critical security gaps: no dynamic ABAC, no deny-by-default, and no audit trail.

A step-by-step guide to connecting your identity provider to Gateco for policy-enforced AI retrievals.

Metadata filters are the most common approach to RAG access control. They're also fundamentally insufficient. Here's why app-level filtering can't replace a dedicated permission layer.

Four approaches to RAG authorization, compared: no auth, metadata filters, app-layer RBAC, and a dedicated permission layer. Pros, cons, and when each makes sense.

Vector databases retrieve based on embedding similarity. They don't know who's asking. They don't check permissions. They just return the closest matches. This is the AI security gap — and it's wider than most teams realize.