Tags: AI Security, Encryption, Tenant Isolation, Human-in-the-loop, Audit

The Six Security Pillars — From Authentication to Human-in-the-Loop

Ádám Zsolt & AIMY

This article is part 2 of the AI Security and Data Protection in Enterprise Environments whitepaper series. Other parts: Key questions and data flow; GDPR, EU AI Act and attack surfaces; Cloud vs. on-premise and checklist.


The Six Security Pillars

Pillar 1 — Authentication and Authorization

Who are you, and what are you allowed to do?

  • JWT-based authentication: every API request carries a token whose signature and expiry are verified before any handler runs; a missing, invalid or expired token means no access
  • Role-based access control (RBAC): three roles, admin, operator and user, each with its own permission set, checked per operation after the token has been verified
  • OAuth2 for external systems: for Gmail, Calendar and other external services the user grants delegated access themselves through the provider's consent flow; the application never sees, stores or asks for their password

If the user revokes Gmail access at Google, the stored refresh token stops working and the AI agent loses its email capabilities immediately. There is no "hidden access", provided the connector treats a failed token refresh as loss of the capability rather than falling back to previously synchronized mail.
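
The two checks in this pillar, token verification and the role check, as an added example (not code from the whitepaper's product). It uses only the Python standard library; the signing key, the permission sets per role and the `providerId` claim are assumptions for the example. The points a reviewer looks for are all here: the algorithm is pinned server-side instead of read from the token, the signature is compared in constant time, `exp` is mandatory, and the RBAC check only runs on claims that have already been verified.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Hypothetical signing key. In production it comes from a secrets manager, never from source.
SIGNING_KEY = b"example-only-key-do-not-use-in-production"

# Hypothetical permission sets for the three roles the article names.
ROLE_PERMISSIONS = {
    "admin": {"crm:read", "crm:write", "deal:modify", "invoice:create", "users:manage"},
    "operator": {"crm:read", "crm:write", "deal:modify"},
    "user": {"crm:read"},
}


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sign_token(claims: dict, key: bytes = SIGNING_KEY) -> str:
    """Issue an HS256 JWT for the given claims (sub, role, providerId, exp)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    signature = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(signature)}"


def verify_token(token: str, key: bytes = SIGNING_KEY, now: Optional[float] = None) -> dict:
    """Return the claims of a valid token; raise ValueError for anything else."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm server-side: the token must not get to choose it
    # (this rejects "alg": "none" and algorithm-confusion tokens outright).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    # Constant-time comparison so a forged signature cannot be found byte by byte.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    current = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or current >= claims["exp"]:
        raise ValueError("token expired or has no exp")
    if claims.get("role") not in ROLE_PERMISSIONS or not claims.get("providerId"):
        raise ValueError("missing role or providerId")
    return claims


def decide(token: str, permission: str, now: Optional[float] = None) -> str:
    """Authenticate, then apply RBAC. Returns 'allow' or a 'deny: <reason>' string."""
    try:
        claims = verify_token(token, now=now)
    except ValueError as exc:
        return f"deny: {exc}"
    if permission not in ROLE_PERMISSIONS[claims["role"]]:
        return f"deny: role {claims['role']} lacks {permission}"
    return "allow"
```

`verify_token` returns the claims so the caller can take `providerId` from the verified token and nowhere else, which is what the next pillar depends on.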

Pillar 2 — Tenant Isolation

One customer's data never mixes with another's.

In a SaaS / multi-tenant system, this is an absolute baseline requirement:

  • Every database query is filtered by providerId, and the providerId comes from the verified session, never from a request body or a tool argument
  • AI agent tools are isolated at the provider level as well: a tool receives a handle already bound to the current tenant, so there is no parameter through which the model could name another one
  • The Knowledge Graph, embeddings and RAG context are per-customer, so retrieval can only surface a tenant's own documents
  • Connector tokens (Gmail, Calendar) are stored per-customer and encrypted

Testing principle: a user from Company A must never, no matter how the request is phrased, receive a response derived from Company B's data. Test it directly: authenticate as Company A and ask for Company B's records by their ids; the result must be empty.
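
The testing principle made concrete, as an added example that is not the product's own code. It uses an in-memory SQLite table with constructed rows for two tenants; the table layout, the `provider_id` column and the tool name are assumptions. The scoped repository is the only path to the table and carries the tenant predicate in every statement, the unscoped query beside it is the bug the pillar prevents, and the AI tool's signature shows the design rule: it takes a tenant-bound repository, not a providerId.

```python
import sqlite3
from typing import Optional


def seed_database() -> sqlite3.Connection:
    """Constructed sample data: two tenants, one CRM contact each, in one shared table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE contacts ("
        " id INTEGER PRIMARY KEY, provider_id TEXT NOT NULL, email TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO contacts (id, provider_id, email) VALUES (?, ?, ?)",
        [
            (1, "provider-A", "alice@company-a.example"),
            (2, "provider-B", "bob@company-b.example"),
        ],
    )
    return conn


class TenantRepository:
    """The only way application code (and AI tools) reach the contacts table.

    The providerId is fixed when the repository is created, from the verified session,
    and every SQL statement carries it as a predicate. Callers cannot pass a different one.
    """

    def __init__(self, conn: sqlite3.Connection, provider_id: str) -> None:
        if not provider_id:
            raise ValueError("a tenant-scoped repository needs a providerId")
        self._conn = conn
        self._provider_id = provider_id

    def get_contact(self, contact_id: int) -> Optional[tuple]:
        return self._conn.execute(
            "SELECT id, email FROM contacts WHERE id = ? AND provider_id = ?",
            (contact_id, self._provider_id),
        ).fetchone()

    def search_contacts(self, needle: str) -> list:
        # The LIKE pattern is bound as a parameter, so the search term cannot alter the query.
        return self._conn.execute(
            "SELECT id, email FROM contacts WHERE provider_id = ? AND email LIKE ?",
            (self._provider_id, f"%{needle}%"),
        ).fetchall()


def get_contact_unscoped(conn: sqlite3.Connection, contact_id: int) -> Optional[tuple]:
    """The anti-pattern this pillar exists to prevent: trusting the record id alone."""
    return conn.execute("SELECT id, email FROM contacts WHERE id = ?", (contact_id,)).fetchone()


def ai_tool_crm_search(repo: TenantRepository, query: str) -> list:
    """Shape of an AI agent tool: it receives a tenant-bound repository, never a providerId.

    Whatever the model puts in `query`, the tool cannot reach another tenant's rows.
    """
    return repo.search_contacts(query)


def cross_tenant_probe() -> dict:
    """The article's test: a Company A session asks for Company B's contact (id 2)."""
    conn = seed_database()
    repo_a = TenantRepository(conn, "provider-A")
    return {
        "unscoped_leak": get_contact_unscoped(conn, 2),
        "scoped": repo_a.get_contact(2),
        "own_record": repo_a.get_contact(1),
        "tool_search_for_b": ai_tool_crm_search(repo_a, "company-b"),
    }
```

The same shape applies to the vector store and the Knowledge Graph: the tenant filter is part of the retrieval call's fixed predicate, not a value the model or the request supplies.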

Pillar 3 — Data Minimization

The AI only sees what it must.

This isn't just a GDPR requirement (data minimization, Article 5(1)(c)); it is also security best practice: what the model never receives cannot leak through its answer, a prompt, or a log line.

  • The RAG pipeline filters by relevance: only the chunks most similar to the question, above a similarity threshold, are passed to the LLM
  • Token budget: at most roughly 3000 tokens of context, so the pipeline never "dumps everything"; it sends the most relevant parts and stops
  • Tool-level filtering: if the AI queries the calendar, it does not receive CRM data alongside it; each tool returns only its own data source
  • Connector synchronization is selective too: not the entire Gmail mailbox, only the relevant emails
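
The three pipeline-side rules (relevance threshold, source filter, token budget) as one context-assembly function, added here as an example and not the whitepaper's pipeline. The 3000-token budget is the article's figure; the 0.75 similarity threshold, the four-characters-per-token estimate and the sample chunks are constructed for the example. The returned token count is also what the audit log in Pillar 5 records.

```python
import math
from typing import Optional

# Budget from the article; the threshold and the token estimate are assumptions for this example.
TOKEN_BUDGET = 3000
MIN_SIMILARITY = 0.75


def estimate_tokens(text: str) -> int:
    # Coarse approximation; a real pipeline uses the model's tokenizer.
    return math.ceil(len(text) / 4)


def build_context(
    chunks: list,
    question_sources: Optional[set] = None,
    budget: int = TOKEN_BUDGET,
    min_similarity: float = MIN_SIMILARITY,
) -> dict:
    """Select what the LLM gets to see: relevant chunks, from allowed sources, within the budget."""
    candidates = [
        c for c in chunks
        if c["similarity"] >= min_similarity
        and (question_sources is None or c["source"] in question_sources)
    ]
    # Highest relevance first, so the budget is spent on the best material.
    candidates.sort(key=lambda c: c["similarity"], reverse=True)
    selected, dropped, used = [], [], 0
    for chunk in candidates:
        cost = estimate_tokens(chunk["text"])
        if used + cost > budget:
            dropped.append(chunk["id"])  # does not fit; a smaller, lower-ranked chunk still might
            continue
        selected.append(chunk["id"])
        used += cost
    return {"selected": selected, "dropped_for_budget": dropped, "context_tokens": used}


# Constructed retrieval results for a calendar question; the "x" bodies stand in for real text.
SAMPLE_CHUNKS = [
    {"id": "cal-1", "source": "calendar", "similarity": 0.92, "text": "x" * 400},
    {"id": "cal-2", "source": "calendar", "similarity": 0.80, "text": "x" * 800},
    {"id": "crm-1", "source": "crm", "similarity": 0.95, "text": "x" * 400},      # wrong source for a calendar tool
    {"id": "cal-3", "source": "calendar", "similarity": 0.40, "text": "x" * 400},  # below the threshold
    {"id": "cal-4", "source": "calendar", "similarity": 0.78, "text": "x" * 2000},
]
```

Note that the most similar chunk overall (`crm-1`) is excluded when the calendar tool is answering: source filtering runs before ranking, so a high score from the wrong source cannot pull CRM data into a calendar answer.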

Pillar 4 — Encryption

Data must be encrypted — at rest and in transit.

Layer                               Solution
Database (at rest)                  AES-256 encryption
Network communication (in transit)  TLS 1.3
OAuth token storage                 AES-256 encrypted fields
LLM API communication               HTTPS (TLS 1.2+)
Backups                             Encrypted backups

"AES-256" names a key size, not a scheme. For the encrypted fields that means an authenticated mode such as AES-256-GCM with a fresh nonce per record, keys held in a KMS or HSM rather than next to the data, and the OAuth token columns treated as the most sensitive data in the database: a leaked refresh token is a leaked mailbox until the user revokes it.
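
Field-level encryption of a connector token with AES-256-GCM, as an added example (not the product's implementation). It assumes the `cryptography` package; the key is generated in-process only for the demonstration (in production it comes from a KMS), and the field and provider names are constructed. The detail worth copying is the associated data: the ciphertext is bound to the tenant and the column, so a token blob copied into another tenant's row, or into a different field, fails to decrypt instead of silently working.

```python
import os
from typing import Optional

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_BYTES = 12  # 96-bit nonce, the standard GCM size


def field_aad(provider_id: str, field_name: str) -> bytes:
    # Associated data is authenticated but not encrypted: it ties the ciphertext to one
    # tenant and one column. A blob moved elsewhere fails the tag check.
    return f"{provider_id}\x00{field_name}".encode()


def encrypt_field(key: bytes, provider_id: str, field_name: str, plaintext: str) -> bytes:
    nonce = os.urandom(NONCE_BYTES)  # fresh per write; a nonce must never repeat under one key
    ciphertext = AESGCM(key).encrypt(nonce, plaintext.encode(), field_aad(provider_id, field_name))
    return nonce + ciphertext  # stored as one blob in the encrypted column


def decrypt_field(key: bytes, provider_id: str, field_name: str, blob: bytes) -> str:
    nonce, ciphertext = blob[:NONCE_BYTES], blob[NONCE_BYTES:]
    return AESGCM(key).decrypt(nonce, ciphertext, field_aad(provider_id, field_name)).decode()


def probe(key: Optional[bytes] = None) -> dict:
    """Round-trip a constructed refresh token, then try to read it as another tenant or field."""
    key = key or AESGCM.generate_key(bit_length=256)  # example only; production keys come from a KMS
    token = "1//0g-constructed-refresh-token-for-example"
    blob = encrypt_field(key, "provider-A", "gmail_refresh_token", token)
    result = {"roundtrip": decrypt_field(key, "provider-A", "gmail_refresh_token", blob)}
    for provider, field in [("provider-B", "gmail_refresh_token"), ("provider-A", "calendar_refresh_token")]:
        try:
            decrypt_field(key, provider, field, blob)
            result[f"{provider}/{field}"] = "decrypted"
        except InvalidTag:
            result[f"{provider}/{field}"] = "rejected"
    # Any modified ciphertext or tag byte is detected as well.
    tampered = blob[:-1] + bytes([blob[-1] ^ 0x01])
    try:
        decrypt_field(key, "provider-A", "gmail_refresh_token", tampered)
        result["tampered"] = "decrypted"
    except InvalidTag:
        result["tampered"] = "rejected"
    return result
```

Key rotation is the piece this leaves out: store a key id alongside the blob so old rows can still be read while new writes use the current key.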

Pillar 5 — Audit and Logging

Every AI action is traceable — who, when, what, with what result.

The audit log contains:

  • The user's identifier
  • The request text, or a keyed hash of it (HMAC) when the text is sensitive; a plain hash of a short message can be reversed by guessing candidate messages
  • The list of tools invoked by the AI and their parameters, with secrets inside parameters (message bodies, tokens) redacted before they are written
  • The result received
  • The size of the context sent to the LLM (token count)
  • The response time and status
  • If there was human-in-the-loop approval: who approved and when

This isn't just compliance; it is also the foundation for debugging, optimization and incident response. Without the tool list and its parameters there is no way to reconstruct what the agent actually did on a user's behalf.

Pillar 6 — Human-in-the-Loop

The most important security layer: the human.

Operation type       Risk         AI authorization       Example
Data query           Low          Automatic              CRM search, email reading
Summary, report      Low          Automatic              Pipeline summary
Task creation        Medium-low   Notification           "I created a follow-up task"
Email sending        Medium       Approval required      "Can I send this email?"
Deal modification    Medium       Approval required      Deal stage change
Invoice generation   High         Multi-level approval   Finance + admin approval
Data deletion        High         Prohibited             AI cannot delete data

The system is designed so that the AI prepares and recommends, while the final, irreversible decision is made by a human. The approval gate belongs in the tool layer, where the tool refuses to execute without a recorded approval; a rule that merely instructs the model to ask first is not a control, because instructions to the model are not enforcement.
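
The risk table from this pillar and the audit entry from Pillar 5 as one gate, added here as an example and not the whitepaper's code. The tool names, the mapping of tools to tiers, the roles required for multi-level approval and the audit HMAC key are assumptions; the tiers and the logged fields are the article's. Two checks the table implies but does not spell out are included: the requester cannot approve their own action, and an unknown tool falls into the approval tier rather than running automatically.

```python
import hashlib
import hmac
import time

# Tiers from the article's table. Tool names and their mapping are hypothetical.
TOOL_TIER = {
    "crm.search": "automatic",
    "email.read": "automatic",
    "pipeline.summary": "automatic",
    "task.create": "notification",
    "email.send": "approval",
    "deal.update_stage": "approval",
    "invoice.create": "multi_level_approval",
}
MULTI_LEVEL_ROLES = {"finance", "admin"}  # both must sign off on a multi-level action
AUDIT_HASH_KEY = b"example-only-audit-key"  # hypothetical; keyed so hashed requests cannot be guessed


def classify(tool: str) -> str:
    if tool.endswith(".delete"):
        return "prohibited"                 # no approval path at all
    return TOOL_TIER.get(tool, "approval")  # unknown tool: fail closed to human approval


def gate(tool: str, requester: str, approvals: list) -> str:
    """Return 'allowed', 'pending' or 'denied'. approvals: [{"by": user, "role": role, "at": ts}]."""
    tier = classify(tool)
    if tier == "prohibited":
        return "denied"
    if tier in ("automatic", "notification"):
        return "allowed"
    # Separation of duties: whoever asked for the action cannot approve it.
    valid = [a for a in approvals if a["by"] != requester]
    if tier == "approval":
        return "allowed" if valid else "pending"
    roles = {a["role"] for a in valid}
    return "allowed" if MULTI_LEVEL_ROLES <= roles else "pending"


def audit_record(*, user_id, request_text, sensitive, tool, params, decision,
                 approvals, result, context_tokens, status, elapsed_ms, at=None) -> dict:
    """One audit entry with the fields the article lists: who, when, what, with what result."""
    if sensitive:
        request = hmac.new(AUDIT_HASH_KEY, request_text.encode(), hashlib.sha256).hexdigest()
    else:
        request = request_text
    return {
        "at": time.time() if at is None else at,
        "user": user_id,
        "request": request,
        "tool": tool,
        "params": params,
        "tier": classify(tool),
        "decision": decision,
        "approvals": [{"by": a["by"], "at": a["at"]} for a in approvals],
        "notify_user": classify(tool) == "notification",
        "result": result,
        "context_tokens": context_tokens,
        "status": status,
        "elapsed_ms": elapsed_ms,
    }


def run_tool(tool, params, requester, approvals, request_text, sensitive=False, context_tokens=0) -> dict:
    """Gate, execute (simulated) and log a tool call in one place, so no action escapes the record."""
    started = time.monotonic()
    decision = gate(tool, requester, approvals)
    # Execution is simulated; a real tool body runs only on "allowed".
    result = {"ok": True} if decision == "allowed" else None
    status = "executed" if decision == "allowed" else decision
    elapsed = int((time.monotonic() - started) * 1000)
    return audit_record(user_id=requester, request_text=request_text, sensitive=sensitive,
                        tool=tool, params=params, decision=decision, approvals=approvals,
                        result=result, context_tokens=context_tokens, status=status, elapsed_ms=elapsed)
```

A pending decision is itself a logged event: the record shows the agent tried, a human has not yet answered, and which approvals would be needed, which is exactly the trail an auditor asks for later.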


Next part: GDPR, EU AI Act and specific attack surfaces.