Vector Database Security
What is Vector Database Security?
Vector Database Security: The set of controls that protect vector databases used by AI systems from data leakage, poisoning, tenant cross-talk, and supply-chain or operational compromise.
Vector databases such as Pinecone, Weaviate, Milvus, Qdrant, Chroma, and the pgvector extension for PostgreSQL store the embeddings underpinning RAG, semantic search, recommendations, and AI agents. Their security model resembles that of a database but with new concerns. Vectors can be inverted to leak source text, similarity queries can exfiltrate sensitive content via repeated probes, multi-tenant indexes can leak between customers when filtering rules are mis-applied, and the corpus can be poisoned to influence model outputs. Sound practice includes encryption at rest and in transit, fine-grained authentication and authorisation, namespace and metadata-based filtering, audit logging of queries, content validation during ingestion, and treating embeddings as potentially personal data.
● Examples
- 01
A pgvector instance enforces Postgres RLS so that tenants only see their own embeddings.
- 02
Pinecone namespaces and API key scoping prevent cross-tenant similarity leaks.
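A concrete form of example 01, added here as an illustration rather than taken from the original page: a pgvector table with Postgres row-level security keyed on a per-request session setting, so a tenant's similarity search can only ever return its own rows. The table name `documents`, the role `app_user`, the setting `app.tenant_id` and the 3-dimensional vectors are assumptions for the demo.

```sql
-- Added example (not from the page). Assumed names: documents, app_user, app.tenant_id.
CREATE EXTENSION IF NOT EXISTS vector;

CREATE TABLE documents (
    id         bigserial PRIMARY KEY,
    tenant_id  uuid NOT NULL,
    content    text NOT NULL,
    embedding  vector(3) NOT NULL   -- 3 dims for brevity; real embeddings are e.g. 1536
);
CREATE INDEX ON documents USING hnsw (embedding vector_cosine_ops);

-- The application connects as a low-privilege role, never as the table owner:
-- owners bypass RLS unless FORCE is set, and superusers / BYPASSRLS roles always do.
CREATE ROLE app_user NOINHERIT LOGIN;
GRANT SELECT, INSERT ON documents TO app_user;
GRANT USAGE ON SEQUENCE documents_id_seq TO app_user;

ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
ALTER TABLE documents FORCE ROW LEVEL SECURITY;

-- Tenant comes from a session setting the application sets on every request.
-- current_setting(..., true) returns NULL when the setting is absent, so a request
-- that forgets to scope itself sees no rows instead of every tenant's rows.
CREATE POLICY tenant_isolation ON documents
    FOR ALL TO app_user
    USING      (tenant_id = current_setting('app.tenant_id', true)::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id', true)::uuid);

-- Constructed sample data for two tenants.
INSERT INTO documents (tenant_id, content, embedding) VALUES
    ('11111111-1111-1111-1111-111111111111', 'tenant A contract', '[0.9, 0.1, 0.0]'),
    ('22222222-2222-2222-2222-222222222222', 'tenant B contract', '[0.9, 0.1, 0.0]');

-- Per request, as app_user: scope the transaction, then search as usual.
-- SET LOCAL confines the tenant id to this transaction, so pooled connections
-- cannot carry it over to the next request.
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
SELECT id, content, embedding <=> '[0.9, 0.1, 0.0]'::vector AS distance
FROM documents
ORDER BY embedding <=> '[0.9, 0.1, 0.0]'::vector
LIMIT 5;          -- returns only 'tenant A contract', despite identical vectors
COMMIT;
```

Because the policy predicate is applied as a filter on top of the approximate index scan, a tenant with few rows may get fewer than `LIMIT` results; check result counts in tests rather than assuming the index will fill them.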
● Frequently asked questions
What is Vector Database Security?
The set of controls that protect vector databases used by AI systems from data leakage, poisoning, tenant cross-talk, and supply-chain or operational compromise. It belongs to the AI & ML Security category of cybersecurity.
What does Vector Database Security mean?
The set of controls that protect vector databases used by AI systems from data leakage, poisoning, tenant cross-talk, and supply-chain or operational compromise.
How does Vector Database Security work?
Vector databases such as Pinecone, Weaviate, Milvus, Qdrant, Chroma, and the pgvector extension for PostgreSQL store the embeddings underpinning RAG, semantic search, recommendations, and AI agents. Their security model resembles that of a database but with new concerns. Vectors can be inverted to leak source text, similarity queries can exfiltrate sensitive content via repeated probes, multi-tenant indexes can leak between customers when filtering rules are mis-applied, and the corpus can be poisoned to influence model outputs. Sound practice includes encryption at rest and in transit, fine-grained authentication and authorisation, namespace and metadata-based filtering, audit logging of queries, content validation during ingestion, and treating embeddings as potentially personal data.
How do you implement Vector Database Security?
Vector Database Security typically combines technical controls and operational practices, as detailed in the full definition above.
What are other names for Vector Database Security?
Common alternative names include: Vector store security, Vector DB hardening.
● Related terms
- RAG (ai-security, № 897): Retrieval-Augmented Generation: an LLM pattern that fetches relevant documents from a knowledge store at query time and injects them into the prompt to ground responses.
- Embedding Attacks (ai-security, № 376): A class of attacks against AI embedding vectors that recover, alter, or abuse the original input or its semantics, including embedding inversion and similarity-based poisoning.
- Data Poisoning (ai-security, № 281): An attack on a machine-learning system in which adversaries inject, alter, or relabel training data so the resulting model behaves incorrectly or contains hidden backdoors.
- Encryption (cryptography, № 379): The cryptographic transformation of plaintext into ciphertext using an algorithm and key so that only authorized parties can recover the original data.