
> You search for matching documents in your vector database / index. Once you have found the potentially relevant list of documents you check which ones can the current user access. You only pass the ones over to the LLM which the user can see.
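
As a minimal sketch of the quoted pattern (search and can_read are hypothetical stand-ins injected by the caller, not any specific library's API):

    from typing import Callable, Dict, List

    def retrieve_for_user(
        query: str,
        user_id: str,
        search: Callable[[str, int], List[Dict]],  # vector-index lookup (assumed)
        can_read: Callable[[str, str], bool],      # ACL check (assumed)
        k: int = 10,
    ) -> List[Dict]:
        # Over-fetch, since post-filtering will discard some hits.
        candidates = search(query, k * 5)
        # Drop anything this user may not see, in the trusted app tier,
        # before any document text reaches the LLM prompt.
        allowed = [d for d in candidates if can_read(user_id, d["id"])]
        return allowed[:k]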

Sometimes the potentially relevant list of documents is a leak all by itself.



But you process that list in a trusted, audited app tier, not in the client environment.


A naive approach could still leak information through side channels. For example, if you regularly search for foobar, responses might suddenly get slower once foobar appears more often in the document base: latency correlates with how many candidates were retrieved and then filtered out, so a user can infer the existence of documents they can't see.

Depending on the context, that could be a meaningful leak.
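
A toy probe of that channel, as a sketch (run_query is a hypothetical stand-in for whatever search call the user can reach):

    import statistics
    import time
    from typing import Callable

    def probe_latency(run_query: Callable[[str], object],
                      term: str, samples: int = 20) -> float:
        # Median wall-clock latency of a fixed query; run_query is the
        # search call under test, supplied by the caller.
        timings = []
        for _ in range(samples):
            start = time.perf_counter()
            run_query(term)
            timings.append(time.perf_counter() - start)
        return statistics.median(timings)

If the median latency for "foobar" drifts upward over time, that alone can hint that matching documents now exist, even though none are ever returned.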


But we're talking about access control, so in this case "filtering for foobar" means "filtering for stuff I'm allowed to see", and the whole point is that you can never turn that filter off to get a point of comparison.

If Joe's search is faster than Sally's because Sally has higher permissions, that's hardly a revelation.


That's nothing specific to LLM-enhanced search features though, right? Any search feature will have that side-channel risk.



