Retrieval-Augmented Generation (RAG) is an emerging trend that combines retrieval mechanisms with large language models (LLMs) to generate responses based on specific, often external, knowledge sources. Though RAG can improve the context, accuracy and relevance of responses, but it also introduces unique security threats, including the following:

• Leakage/Proliferation of private data
• Data Oversharing with LLMs
• Adversarial Retrieval Manipulation / Poisoning
• Weak Data Access Control

What is InspectRAG

InspectRAG is an enteprise-level RAG(Inspect Retrieval-Augmented Generation) with a secure document access and retrieval system that integrates OpenID for authentication, Active Directory (AD) for role management, and SharePoint for storing and managing documents.

It ensures that only authorized users can query and access files based on real-time permission matching. Whether deployed on-premise or in the cloud, InspectRAG offers seamless integration with your organization’s existing infrastructure to enhance security, compliance, and collaboration.

InspectRAG Features

The InspectRAG architecture demonstrates how different integral components integrate to provide secure RAG access to the enterprise documents and efficient role-based querying.

• User Authentication: Users log in via OpenID, which integrates with Windows Active Directory (AD) or Azure AD to fetch users, roles, and group memberships.
• Fetching Files and Permissions: Files and their permissions are accessed from SharePoint via webhooks and event receivers.
• User Roles and Permissions: OpenID ensures the user’s roles are matched with SharePoint access roles to control access and querying permissions within InspectRAG.
• Query Execution: Once authenticated, the user can issue queries to InspectRAG. Queries related to files are verified against permissions before access is granted.
• Asynchronous Task Handling: Celery queues and processes tasks efficiently, ensuring the system remains responsive even when handling large workloads.
• Storing File Embeddings: File embeddings, along with metadata such as roles, permissions, and creators, are stored in the PG VectorDB. This allows fast and accurate querying for users with appropriate access.