
RAG Security

By NHI Mgmt Group Updated June 7, 2026 Domain: Architecture & Implementation Patterns

RAG security is the practice of controlling what retrieval-augmented generation systems can see, fetch, and surface. It combines content classification, entitlement checks, and retrieval enforcement so that the model only answers from data the requesting identity is allowed to access.

Expanded Definition

RAG security applies to retrieval-augmented generation systems that must fetch external context before producing an answer. The security problem is not just model output control, but also governing what sources the system can search, which documents it can retrieve, and whether the retrieved material matches the requester’s rights. In NHI environments, the requester may be a human user, a service account, or an AI agent acting with delegated authority.

Definitions vary across vendors, but the core security goal is consistent: retrieval must be filtered by identity, entitlement, and content sensitivity before the model sees it. That makes RAG security adjacent to access control, data governance, and secrets handling, but it is not the same as prompt filtering. A prompt guard can limit what is asked; RAG security limits what can be fetched and surfaced. The NIST Cybersecurity Framework 2.0 is useful here because it reinforces governance, access control, and data protection as linked functions rather than isolated tasks.

The most common misapplication is treating the retrieval index as safe by default: the source documents carried per-document authorization, but the embedded corpus or vector store built from them does not, so any identity that can query the index can retrieve from all of it.

Examples and Use Cases

Implementing RAG security rigorously often introduces latency and governance overhead, requiring organisations to weigh answer relevance against retrieval checks, logging, and entitlement evaluation.

  • An internal support assistant retrieves only policy documents marked for the caller’s business unit, while blocked documents remain invisible to the retrieval layer.
  • A software engineering agent queries runbooks and incident notes, but source selection is constrained so it cannot surface API keys, tokens, or rotated secrets from adjacent repositories.
  • A customer-facing chatbot uses tenant-scoped retrieval to prevent one tenant’s records from being embedded into another tenant’s answer context.
  • An employee copilot is gated on the governance controls described in the Ultimate Guide to NHIs: service-account access is reviewed before the retrieval pipeline is allowed to operate.
  • A platform team aligns the retrieval service with NIST Cybersecurity Framework 2.0 principles so the system logs who asked, what was searched, and what was returned.

These use cases show that RAG security is not only a model concern. It is a data-access design problem, especially when agents can chain tools, call search APIs, and relay retrieved content into downstream workflows.

Why It Matters in NHI Security

RAG security becomes an NHI issue because many retrieval requests are executed by non-human identities rather than by people. If a service account or agent has broad read access, the system can unintentionally turn that identity into a high-speed disclosure path. That is especially dangerous when source data includes secrets, internal tickets, compliance records, or tenant-separated content. NHIMG research shows that 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, which is why retrieval permissions and NHI governance must be designed together.

The practical failure mode is simple: an agent is granted access for convenience, then retrieval exposes more than the original user should see. This is where the Ultimate Guide to NHIs becomes relevant, because NHI visibility, rotation, and offboarding all affect whether the retrieval layer can be trusted. The NIST Cybersecurity Framework 2.0 also maps cleanly to this risk because retrieval governance depends on access control and continuous monitoring, not just model accuracy. Organisations typically encounter this consequence only after a data-leak incident or a tenant-boundary breach, at which point RAG security can no longer be deferred.
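The following Python is an added illustration, not code from NHIMG or from any vendor, of the retrieval-layer checks the use cases above and the failure mode just described call for: entitlements filtered by tenant and business unit before ranking, delegated authority narrowed to the intersection of the agent's and the user's rights so an over-granted agent cannot widen what the user may see, secret-shaped strings redacted before the context reaches the model, and an audit record of who asked, on whose behalf, what was searched and what was returned. The corpus, tenants, units and the `api_key=sk-live-EXAMPLE` string are constructed sample data; token overlap stands in for vector similarity; the naive retriever is included only to show what the "index is safe by default" misapplication leaks.

```python
"""Entitlement-enforced retrieval layer for a RAG pipeline.

Illustration only (not the page's or any vendor's code). Assumptions:
a toy in-memory index scored by token overlap stands in for a vector
store; each document carries a tenant and the business units allowed
to read it; a requester is a Principal that may act on behalf of another
Principal (delegated authority); secret-shaped strings are redacted
before retrieved text is handed to the model.
"""
from __future__ import annotations
from dataclasses import dataclass
import re
from typing import Optional


@dataclass(frozen=True)
class Principal:
    name: str
    tenant: str
    units: frozenset[str]                       # business units this identity may read
    on_behalf_of: Optional["Principal"] = None  # set when an agent acts for a user

    def effective(self) -> "Principal":
        """Rights used for retrieval: intersection of agent and delegating user.

        An agent granted broad read access 'for convenience' must not widen
        what the original user could see, so delegation only ever narrows."""
        if self.on_behalf_of is None:
            return self
        user = self.on_behalf_of.effective()
        if user.tenant != self.tenant:          # cross-tenant delegation: no rights
            return Principal(self.name, self.tenant, frozenset(), None)
        return Principal(self.name, self.tenant, self.units & user.units, None)


@dataclass(frozen=True)
class Doc:
    doc_id: str
    tenant: str
    units: frozenset[str]
    text: str


# Constructed sample corpus (hypothetical tenants, units and contents).
INDEX = [
    Doc("acme-hr-leave", "acme", frozenset({"hr"}),
        "Parental leave policy: employees receive 16 weeks of paid leave."),
    Doc("acme-eng-runbook", "acme", frozenset({"eng"}),
        "Runbook: restart the billing worker, then rotate api_key=sk-live-EXAMPLE quarterly."),
    Doc("beta-eng-runbook", "beta", frozenset({"eng"}),
        "Runbook: restart the billing worker for tenant beta."),
]

# Crude detector for secret-shaped material in retrieved text.
SECRET_RE = re.compile(r"(?i)\b(?:api[_-]?key|token|secret|password)\b\s*[:=]\s*\S+")

AUDIT_LOG: list[dict] = []   # who asked, for whom, what was searched, what came back


def _tokens(s: str) -> set[str]:
    return set(re.findall(r"[a-z0-9]+", s.lower()))


def _score(query: str, text: str) -> int:
    return len(_tokens(query) & _tokens(text))   # stand-in for vector similarity


def authorized(doc: Doc, p: Principal) -> bool:
    return doc.tenant == p.tenant and bool(doc.units & p.units)


def naive_retrieve(query: str, k: int = 2) -> list[str]:
    """The 'index is safe by default' anti-pattern: rank the whole corpus with
    no entitlement check, and pass raw text (secrets included) to the model."""
    ranked = sorted(INDEX, key=lambda d: _score(query, d.text), reverse=True)
    return [d.text for d in ranked[:k] if _score(query, d.text) > 0]


def secure_retrieve(requester: Principal, query: str, k: int = 2) -> list[str]:
    """Filter by effective entitlement *before* ranking, then redact, then log."""
    p = requester.effective()
    candidates = [d for d in INDEX if authorized(d, p)]   # pre-retrieval filter
    ranked = sorted(candidates, key=lambda d: _score(query, d.text), reverse=True)
    hits = [d for d in ranked[:k] if _score(query, d.text) > 0]
    context = [SECRET_RE.sub("[REDACTED]", d.text) for d in hits]   # output filter
    AUDIT_LOG.append({
        "who": requester.name,
        "on_behalf_of": requester.on_behalf_of.name if requester.on_behalf_of else None,
        "query": query,
        "returned": [d.doc_id for d in hits],
    })
    return context


if __name__ == "__main__":
    alice = Principal("alice", "acme", frozenset({"hr"}))
    agent = Principal("support-agent", "acme", frozenset({"hr", "eng"}), on_behalf_of=alice)
    print(naive_retrieve("restart billing worker runbook"))         # leaks beta doc and raw key
    print(secure_retrieve(alice, "parental leave policy"))          # HR document only
    print(secure_retrieve(agent, "restart billing worker runbook"))  # [] : narrowed to alice's rights
    print(AUDIT_LOG[-1])
```

The design point is where the check sits: the authorization filter runs over the candidate set before ranking, so a top-k result can never contain a document the requester may not see, whereas post-filtering a top-k list both leaks via ranking side channels and can return an empty answer when every top hit was unauthorized. In a real deployment the filter would be pushed into the vector store's metadata query and the redaction would be one of several output checks, but the ordering (entitlement, then retrieval, then output filtering, then logging) is the part that generalizes.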

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0 sets the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Non-Human Identity Top 10 | NHI-02 (Secret Leakage) | RAG systems often expose secrets and overbroad retrieval paths tied to NHI access.
OWASP Agentic AI Top 10 | A2 | Agentic retrieval can leak data when tool access and context injection are not constrained.
NIST CSF 2.0 | PR.AA-05 (PR.AC-4 in CSF 1.1) | RAG security depends on access permissions being enforced before data is retrieved.

Gate agent retrieval tools by entitlement, context scope, and output filtering before response generation.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on June 7, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org