RAG security
RAG / Knowledge System Security Packet
A tenant-safe retrieval model with a leakage findings list and remediation backlog.
The first deliverable is a decision package: what is in scope, what is required, what is blocked, and what can proceed.
No production testing, adversarial activity, access to secrets, or customer-data processing happens without explicit authorization and the right agreement path. Do not enter secrets or credentials here.
What to gather for this packet
Needed: Retrieval architecture · Data sources & sensitivity · Tenant boundary model · Ingestion pipeline
Helpful: Vector store config · Permission model docs · Logs/evals
Bring names and high-level descriptions only — exact targets, accounts, and credentials are shared later through a secure channel.
Engagement
Readiness inputs
Deliverables you want
Packet modules
- Scope Brief — What is in scope, what decision is being made, and what success looks like.
- Authorization Statement — Confirmation the org owns, controls, or is authorized to assess the targets.
- Evidence Handling Plan — Where evidence is stored, redaction, retention, and deletion.
- Contract Requirements — The required and conditional agreements for this engagement.
- Draft SOW Inputs — Scope, window, deliverables, and acceptance inputs for the SOW.
- Open Questions — What is still required before a scoping call or private offer.
- Follow-On Recommendations — Natural next services once this engagement completes.
- Target Inventory — The named systems, endpoints, repos, accounts, or surfaces in scope.
- RAG Boundary — Retrieval sources, embeddings, tenant boundaries, and ingestion paths.
- Access Plan — How access and test accounts are provisioned through a secure channel.
- Data Handling Plan — Data sensitivity, masking, sample-only, retention, and deletion rules.
- Deliverables Plan — The artifacts the buyer will receive and in what format.
RAG / Knowledge System Security Packet — preview
RAG security
Scope Brief
- Organization: To be specified during scoping
- Decision: A tenant-safe retrieval model with a leakage findings list and remediation backlog.
- Driver: RAG retrieval, embeddings, ingestion, and tenant boundaries may leak customer or cross-tenant data.
Authorization Statement
- Not yet confirmed — required before any access or testing.
Evidence Handling Plan
- Evidence stored in an access-controlled encrypted store; redaction; agreed retention + deletion.
Contract Requirements
- Mutual NDA — Required for this engagement.
- Evidence Handling Policy — Required for this engagement.
- Statement of Work Template — Required for this engagement.
- Assessment Terms Addendum — Required for this engagement.
- No-Cost Scoping Retainer (conditional) — Scope before any paid work or active testing.
Draft SOW Inputs
- Engagement: RAG / Knowledge System Security Packet
- Deliverables: 8 selected
- Budget category: Product security / data security / AI program
Open Questions
- Authorization (own / control / explicitly authorized to assess the targets)
- Target inventory (named systems/endpoints in scope)
- RAG boundary (sources, tenant boundaries, ingestion)
- Access plan (how access and test accounts are provisioned securely)
Follow-On Recommendations
- ai red team adversarial testing
- ai product security assessment
- claim readiness evidence
Target Inventory
- No named targets yet — required before testing.
RAG Boundary
- RAG boundary needed.
Access Plan
- Access plan needed — secure-channel provisioning, no public credentials.
Data Handling Plan
- Sensitive data in scope: No
- Standard handling; secrets masked; minimum-necessary access.
Deliverables Plan
- RAG Architecture Intake
- Data Source Inventory
- Tenant Boundary Map
- Retrieval Permission Model
- Document Ingestion Review
- Prompt Injection Test Plan
- RAG Leakage Findings
- Remediation Backlog
Onboarding
Move four tracks in parallel
We put legal, finance, procurement, and technical scoping on parallel rails so the work can start without waiting on every internal process sequentially.
Technical Scoping
Output: Draft Launch Review Plan
- architecture
- demo/staging
- prompts
- RAG
- agents/tools
- authz
- logs/evals
- test boundaries
Legal
Output: NDA + Scoping Authorization
- mutual NDA
- data handling
- authorized testing boundaries
- confidentiality
- work-product terms
Finance / Procurement
Output: Procurement Packet
- vendor profile
- tax/payment details
- budget category
- fixed-fee quote path
- invoice terms
- onboarding answers
Internal Approval
Output: Approval Memo
- why now
- business pressure
- risk if delayed
- expected deliverables
- timeline
- decision needed
Output
Your output: a clear, measurable prescription.
SCOPE delivers a one-page engagement plan you can share and act on immediately.
- Situation & core problem
- Desired outcome & success criteria
- Key risks & assumptions
- Recommended path(s)
- Effort, timing & impact
- Open questions & next step
SCOPE Prescription
Situation
Criteria
Recommended path
Next step
Export as markdown ↗