Cross-Tenant Data Leakage in AI Agents
Cross-tenant data leakage occurs when a multi-tenant AI agent inadvertently exposes one user's data to another user. This happens through shared conversation memory, cached embeddings, persistent agent state, or RAG systems that don't properly filter results by tenant.
Frequently Asked Questions
How does cross-tenant data leakage happen in AI agents?
Common vectors: (1) Shared conversation memory across users, (2) Vector databases without tenant filtering in RAG queries, (3) Agent state persisted globally instead of per-tenant, (4) Cached responses served to wrong users, (5) System prompts that include data from other tenants.
How do you prevent cross-tenant leakage in AI agents?
Implement strict tenant isolation: separate vector namespaces per tenant, include tenant_id in all database queries, never share agent state between sessions, and use tenant-scoped API keys. Audit data paths to ensure no cross-tenant data flow exists.
Does Inkog detect cross-tenant data leakage?
Yes. Inkog identifies data flow paths where user data crosses tenant boundaries, shared state that lacks tenant isolation, and RAG queries without proper tenant filtering.
How Inkog Detects This
Inkog traces data flow paths across tenant boundaries, identifying shared state without tenant isolation, RAG queries that lack tenant filtering, and memory patterns where one user's data can reach another user's context.
npx -y @inkog-io/cli scan .