For Security Teams
Close the RAG authorization gap — for CISOs and security teams
Identity-based access control and full auditability, enforced at retrieval time, across every vector DB your engineering team already uses.
The RAG authorization gap
Your application already enforces access control at the API layer — users can only call endpoints they're authorized for. But when that API calls a RAG pipeline, semantic search doesn't know about identity. A query against a vector database returns the closest chunks regardless of who asked, unless you explicitly enforce access at the retrieval layer.
This is the gap: every AI feature your engineering team ships is potentially serving documents to principals who shouldn't see them. Application-layer controls stop at the API boundary. The vector DB sees a query, not a principal. Gateco enforces the boundary that's missing.
5 questions your auditor will ask
Mapped to SOC 2, ISO 27001, NIST AI RMF, and EU AI Act obligations.
Who can our AI access?
SOC 2 CC6.1IDP sync (Azure Entra, AWS IAM, Okta, GCP) populates principals and their attributes. Every retrieval resolves to a named principal before any policy is evaluated. No anonymous access.
Can we prove what was retrieved?
ISO 27001 A.8.15Yes. Every retrieval decision is logged with principal ID, resource ID, policy ID, decision, search mode, and timestamp. 25 audit event types, 90-day default retention, exportable to CSV/JSON.
Can we revoke access without a redeploy?
NIST AI RMF GOVERN-1.1Yes. Policy changes take effect immediately on the next retrieval — no migration window, no service restart. Revoke a principal's access in the dashboard; the next query enforces it.
Can we classify and gate sensitive content?
EU AI Act Article 10Yes. Classification labels (public / internal / confidential / restricted) are enforced at retrieval time via ABAC policies. A principal cannot receive a chunk classified above their clearance.
Will it fail safely?
EU AI Act Article 15Yes. Fail-closed by default. On any policy evaluation error, the retrieval is denied and the decision is logged with decision=error_deny. No ambiguous access, no silent failures.
Compliance crosswalk
How Gateco maps to the specific controls your auditors check.
| Control | Requirement | Gateco capability |
|---|---|---|
| SOC 2 CC6.1 | Logical and physical access controls | Deny-by-default retrieval with principal-level audit trail for every AI access decision |
| SOC 2 CC7.2 | Monitor system components for anomalies | 25 audit event types, SIEM streaming on Enterprise, per-connector circuit breaker telemetry |
| ISO 27001 A.8.3 | Information access restriction | Classification labels + ABAC policies enforce least-privilege at retrieval time, not document-level |
| NIST AI RMF GOVERN-1.1 | AI risk management policies and accountability | Policy-as-code with version history, draft/active/archived lifecycle, approval workflow |
| EU AI Act Article 9 | Risk management system throughout AI lifecycle | Access Simulator dry-runs policy changes before going live; versioned policies with diff view |
| EU AI Act Article 12 | Automatic logging for post-hoc traceability | 25 audit event types; retrieval logs include decision, policy, principal, resource, timestamp |
Questions security teams ask
What's the latency impact?
Under 25ms p95 policy overhead per retrieval. Benchmarks are public by connector — see /security for the SLO. Fail-closed means a slow evaluation denies, never silently allows.
Can we use this without changing the vector DB?
Yes. Gateco sits in the retrieval path between your AI application and the vector DB. Your vector DB, its schema, and your ingestion pipelines are unchanged.
What about our existing IAM?
Gateco syncs from your IDP — Azure Entra, AWS IAM, Okta, or GCP Cloud Identity. Your identity source stays authoritative. Gateco does not replace IAM; it reads from it.
What if pgvector RLS is already in place?
RLS works until it doesn't: no audit trail, no IDP sync, no cross-DB policy reuse, no instant revocation. Gateco replaces the DIY layer and adds compliance evidence. See the comparison → Read the comparison →
Is there an open-source or self-hosted option?
Private Data Plane and self-host are on the roadmap for Q3 2026. Join the waitlist at /contact?interest=vpc-deployment to shape the deployment model.
Book a 30-minute security review
We'll walk through your RAG pipeline, map it to your compliance obligations, and identify the authorization gaps — at no cost.