LLM08: Vector and Embedding Weaknesses

OWASP LLM Top 10 (2025)

Vector stores and RAG pipelines leak or contaminate retrieved context.

What this risk means

RAG systems are only as secure as the retrieval and embedding pipeline that feeds them. Misconfigured access control on vector stores, cross-tenant retrieval (one tenant's query returning chunks indexed for another), or embedding inversion (recovering source text from stored vectors) can leak an entire knowledge base. Vector-DB vendors and the customers who deploy them share this attack surface.

How TrustAtlas dimensions address it

Data-handling covers per-tenant isolation, encryption, and retention; security covers access-control posture (RBAC, audit logging, MFA on admin paths).

Dimensions: Data handling, Security

See methodology for how each dimension is scored across the catalog.

Questions to ask vendors

Drop these into RFPs, due-diligence questionnaires, or a procurement scorecard. Each question maps back to evidence visible on the vendor's TrustAtlas profile.

  1. How is per-tenant isolation enforced in your vector store — separate namespaces, separate clusters, or schema-level row filters?
  2. Are embeddings encrypted at rest? Is customer-managed-key (BYOK / CMK) available, and on what tier?
  3. What is your access-control posture on admin paths — is MFA enforced, and is privileged access logged immutably?
  4. Have you evaluated your embedding model against embedding-inversion attacks, and can you share that evaluation?
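The isolation question above (question 1) is easier to evaluate with a concrete model of what "per-tenant namespace" buys you. The following is an added example, not TrustAtlas code or any vendor's implementation: a minimal in-memory vector store where each tenant has its own namespace and the retrieval entry point derives the namespace from the caller's authenticated identity rather than from any filter the client sends. A flat, unscoped search over the same data is included alongside it to show the cross-tenant leak that a missing filter produces. The tenant names, document ids and three-dimensional embeddings are constructed for the demo, not real model output.

```python
"""Tenant-scoped retrieval for a RAG pipeline (added example, not vendor code).

The namespace used for search is always the caller's own tenant, set by the
auth layer, so a client-supplied filter cannot widen the search. All data
below is constructed for illustration.
"""
from dataclasses import dataclass, field
import math


@dataclass(frozen=True)
class Chunk:
    tenant_id: str
    doc_id: str
    text: str
    embedding: tuple  # constructed low-dimensional vector, not a real embedding


def cosine(a, b):
    """Cosine similarity; returns 0.0 for a zero-length vector."""
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


@dataclass
class VectorStore:
    # One namespace per tenant: a chunk written under tenant A lives only in A's list.
    namespaces: dict = field(default_factory=dict)

    def upsert(self, chunk: Chunk) -> None:
        self.namespaces.setdefault(chunk.tenant_id, []).append(chunk)

    def search(self, tenant_id: str, query: tuple, k: int = 3) -> list:
        """Rank only the given namespace. An unknown tenant gets nothing."""
        candidates = self.namespaces.get(tenant_id, [])
        ranked = sorted(candidates, key=lambda c: -cosine(c.embedding, query))
        return ranked[:k]


@dataclass(frozen=True)
class Principal:
    user: str
    tenant_id: str  # assigned after token validation, never taken from the request body


def retrieve(store: VectorStore, caller: Principal, query: tuple, requested_tenant=None):
    """Retrieval API entry point: scope is the caller's tenant, full stop.

    `requested_tenant` models an optional filter field a client might send.
    It is only allowed to equal the caller's own tenant; anything else is refused.
    """
    if requested_tenant is not None and requested_tenant != caller.tenant_id:
        raise PermissionError(f"{caller.user} may not query tenant {requested_tenant}")
    return store.search(caller.tenant_id, query)


def flat_search(store: VectorStore, query: tuple, k: int = 3) -> list:
    """The weak pattern: a single shared index with no tenant filter at all."""
    everything = [c for chunks in store.namespaces.values() for c in chunks]
    ranked = sorted(everything, key=lambda c: -cosine(c.embedding, query))
    return ranked[:k]


def leaked_tenants(results, caller: Principal) -> set:
    """Tenants other than the caller's that appear in a result set (should be empty)."""
    return {c.tenant_id for c in results if c.tenant_id != caller.tenant_id}


def build_demo_store() -> VectorStore:
    """Two tenants whose HR documents embed close together (constructed data)."""
    store = VectorStore()
    store.upsert(Chunk("acme", "acme-hr-1", "ACME salary bands FY25", (1.0, 0.0, 0.0)))
    store.upsert(Chunk("acme", "acme-it-1", "ACME VPN onboarding", (0.0, 1.0, 0.0)))
    store.upsert(Chunk("globex", "globex-hr-1", "Globex salary bands FY25", (0.9, 0.1, 0.0)))
    return store


if __name__ == "__main__":
    store = build_demo_store()
    alice = Principal("alice", "acme")
    query = (1.0, 0.05, 0.0)  # "salary bands", constructed

    scoped = retrieve(store, alice, query)
    print("scoped:", [c.doc_id for c in scoped], "leak:", leaked_tenants(scoped, alice))

    flat = flat_search(store, query)
    print("flat:  ", [c.doc_id for c in flat], "leak:", leaked_tenants(flat, alice))
```

The check that matters in a review is `leaked_tenants` on every result set: the scoped path returns only ACME chunks, while the flat index surfaces Globex's salary document for the same query, which is exactly the cross-tenant retrieval the risk describes. In a real deployment the `Principal` comes from the identity layer and the namespace or row filter is applied by the database, but the property to verify is the same: the tenant scope must not be an input the client controls.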
