New Blog | Architecting Secure Gen AI Applications


By Roee Oz


Hello, everyone. I am writing this blog using a Generative AI (GenAI) assistant to boost my productivity. My assistant can access older documents I have written and rephrase them into blog material. While granting the assistant access to my documents significantly boosts my work efficiency, it raises important security questions. Can the assistant be used by an attacker to exfiltrate my documents? In this blog, we will show how to safely grant a GenAI based application access to sensitive or user data while lowering the risk of such data being leaked.



If you are reading this, you are already involved in the development or operation of a Gen AI based application. As development of applications powered by these advanced AI tools surges, offering unprecedented capabilities in processing and generating human-like content, so does the rise of security and privacy concerns. Among those, the biggest risk is exploiting those tools for leaking sensitive data or performing unauthorized actions, putting the organization under business and legal risk. So, a critical aspect you must address in your application is the prevention of information leaks and unauthorized API access caused due to weaknesses in your Gen AI app.


This blog post delves into the best practices for securely architecting Gen AI-based applications, ensuring they operate within the bounds of authorized access and maintain the integrity and confidentiality of sensitive data.


Understanding the Risks

Gen AI applications inherently require access to diverse data sets to process requests and generate responses. This requirement spans general to highly sensitive data, contingent on the application's purpose and scope. Without careful architectural planning, these applications could inadvertently facilitate unauthorized access to confidential information or privileged operations.

The primary risks involve:

  • Information Leaks: Unauthorized access to sensitive data through the exploitation of the application's features.
  • Escalated Privileges: Unauthorized access elevation, enabling attackers or unauthorized users to perform actions beyond their standard permissions by assuming the Gen AI application identity.

Mitigating these risks necessitates a security-first mindset in the design and deployment of Gen AI-based applications.


Best Practice for Granting Permissions


Limit Application Permissions

Developers should operate under the assumption that any data or functionality accessible to the application can potentially be exploited by users through carefully crafted prompts. This includes reading fine-tunning data or grounding data and performing API invocations. Recognizing this, it is crucial to meticulously manage permissions and access controls around the Gen AI application, ensuring that only authorized actions are possible.


A fundamental design principle involves strictly limiting application permissions to data and APIs. Applications should not inherently access segregated data or execute sensitive operations. By constraining application capabilities, developers can markedly decrease the risk of unintended information disclosure or unauthorized activities. Instead of granting broad permission to applications, developers should utilize user identity for data access and operations.


Utilizing User Identity for Data Access and Operations

Access to sensitive data and the execution of privileged operations should always occur under the user's identity, not the application. This strategy ensures the application operates strictly within the user's authorization scope. By integrating existing authentication and authorization mechanisms, applications can securely access data and execute operations without increasing the attack surface.


Read the full post here: Architecting Secure Gen AI Applications: Preventing information leaks and escalated privileges

1 Reply
Great article! I believe leveraging Microsoft Purview can help in adopting and protecting AI-based applications with analytics that help make informed decisions quickly.
Securing data in an AI-first world with Microsoft Purview