RAG security
RAG / Knowledge System Security Packet
A tenant-safe retrieval model with a leakage findings list and remediation backlog.
The first deliverable is a decision package: what is in scope, what is required, what is blocked, and what can proceed.
No production testing, adversarial activity, access to secrets, or customer-data processing happens without explicit authorization and the right agreement path. Do not enter secrets or credentials here.
What to gather for this packet
Needed: Retrieval architecture · Data sources & sensitivity · Tenant boundary model · Ingestion pipeline
Helpful: Vector store config · Permission model docs · Logs/evals
Bring names and high-level descriptions only — exact targets, accounts, and credentials are shared later through a secure channel.
Packet modules
- Scope Brief — What is in scope, what decision is being made, and what success looks like.
- Authorization Statement — Confirmation the org owns, controls, or is authorized to assess the targets.
- Evidence Handling Plan — Where evidence is stored, redaction, retention, and deletion.
- Contract Requirements — The required and conditional agreements for this engagement.
- Draft SOW Inputs — Scope, window, deliverables, and acceptance inputs for the SOW.
- Open Questions — What is still required before a scoping call or private offer.
- Follow-On Recommendations — Natural next services once this engagement completes.
- Target Inventory — The named systems, endpoints, repos, accounts, or surfaces in scope.
- RAG Boundary — Retrieval sources, embeddings, tenant boundaries, and ingestion paths.
- Access Plan — How access and test accounts are provisioned through a secure channel.
- Data Handling Plan — Data sensitivity, masking, sample-only, retention, and deletion rules.
- Deliverables Plan — The artifacts the buyer will receive and in what format.
RAG / Knowledge System Security Packet — preview
Scope Brief
- Organization: To be specified during scoping
- Decision: A tenant-safe retrieval model with a leakage findings list and remediation backlog.
- Driver: RAG retrieval, embeddings, ingestion, and tenant boundaries may leak customer or cross-tenant data.
Authorization Statement
- Not yet confirmed — required before any access or testing.
Evidence Handling Plan
- Evidence stored in an access-controlled, encrypted store; sensitive values redacted; retention and deletion periods agreed in advance.
Contract Requirements
- Mutual NDA — Required for this engagement.
- Evidence Handling Policy — Required for this engagement.
- Statement of Work Template — Required for this engagement.
- Assessment Terms Addendum — Required for this engagement.
- No-Cost Scoping Retainer (conditional) — Scope before any paid work or active testing.
Draft SOW Inputs
- Engagement: RAG / Knowledge System Security Packet
- Deliverables: 8 selected
- Budget category: Product security / data security / AI program
Open Questions
- Authorization (own / control / explicitly authorized to assess the targets)
- Target inventory (named systems/endpoints in scope)
- RAG boundary (sources, tenant boundaries, ingestion)
- Access plan (how access and test accounts are provisioned securely)
Follow-On Recommendations
- AI red team adversarial testing
- AI product security assessment
- Claim readiness evidence
Target Inventory
- No named targets yet — required before testing.
RAG Boundary
- RAG boundary not yet defined (retrieval sources, tenant boundaries, ingestion paths).
Access Plan
- Access plan needed — secure-channel provisioning, no public credentials.
Data Handling Plan
- Sensitive data in scope: No
- Standard handling; secrets masked; minimum-necessary access.
Deliverables Plan
- RAG Architecture Intake
- Data Source Inventory
- Tenant Boundary Map
- Retrieval Permission Model
- Document Ingestion Review
- Prompt Injection Test Plan
- RAG Leakage Findings
- Remediation Backlog
Clarify the problem. Define success. Choose the right next step.
A 5–10 minute planner that turns AI security ambiguity into a clear, measurable prescription.
- Reduce uncertainty fast: We ask the right questions, not all the questions.
- See what matters: Surface risks, blockers, assumptions, and the real problem.
- Get a clear prescription: Recommended paths, effort, and acceptance criteria up front.
Onboarding
Move four tracks in parallel
We put legal, finance, procurement, and technical scoping on parallel rails so work can start without waiting for each internal process to finish in turn.
Technical Scoping
Output: Draft Launch Review Plan
- architecture
- demo/staging
- prompts
- RAG
- agents/tools
- authz
- logs/evals
- test boundaries
Legal
Output: NDA + Scoping Authorization
- mutual NDA
- data handling
- authorized testing boundaries
- confidentiality
- work-product terms
Finance / Procurement
Output: Procurement Packet
- vendor profile
- tax/payment details
- budget category
- fixed-fee quote path
- invoice terms
- onboarding answers
Internal Approval
Output: Approval Memo
- why now
- business pressure
- risk if delayed
- expected deliverables
- timeline
- decision needed
Output
Your output: a clear, measurable prescription.
SCOPE delivers a one-page engagement plan you can share and act on immediately.
- Situation & core problem
- Desired outcome & success criteria
- Key risks & assumptions
- Recommended path(s)
- Effort, timing & impact
- Open questions & next step