Immuta Announces Multi-Layered Data Governance and Audit for RAG-Based GenAI Applications

Enterprises can leverage their investments in cloud data governance frameworks and provide a unified control plane for managing, monitoring, and auditing AI application workloads

BOSTON, June 3, 2024 — Immuta, the data security experts, today announced new data governance and audit capabilities for Retrieval Augmented Generation (RAG)-based GenAI solutions across multiple cloud platforms. With this release, Immuta is first-to-market with a multi-layer architecture for securing, monitoring, and auditing sensitive data accessed by RAG-based AI applications.

A recent survey by Immuta found that 80% of data experts agree that AI is making data security more challenging. Despite this, 88% also say their employees are using AI, regardless of whether the company has officially adopted it. This can cause friction between AI users and IT, as well as rogue or unsanctioned use of AI tools, known as shadow AI. Preventing these issues requires a broadening of access control philosophy, with lines of defenses across the storage layer, data layer, and prompt layer.

RAG-based applications are beginning to transform multiple industries such as customer service with highly effective personalized customer support chatbots and retail with smart recommendation systems. With more scalable native controls, data governors and data stewards can de-risk their data and take control of generative AI security at the storage and data layers. This means data teams are able to leverage their existing cloud data policies and innovate in their business with AI faster, all while keeping risks at bay.

“Operating at the first two lines of defense – the storage and data layers – is essential to scaling secure enterprise AI workloads,” said Mo Plassnig, Chief Product Officer, Immuta. “With Immuta, data teams now have a single control plane for policy enforcement, visibility, and auditing at the storage and data layers that works across multiple cloud platforms and RAG models. This means data teams are able to leverage the significant investments they have made in their cloud data platforms, and rapidly extend their platform capabilities to their AI application workloads.”

The storage layer and first line of defense is where unstructured data remains at rest, most commonly in Amazon S3, ADLS, or Google Storage. Immuta collaborated with AWS to develop a native Amazon S3 integration that enforces fine-grained and scalable access control on unstructured data stored in S3. With Immuta, attribute-based access controls (ABAC) are pushed down to the storage layer, which is critical in securing the first line of defense.

The data layer and second line of defense is where unstructured data is transformed for model training and encoded for RAG use cases. Using RAG enables large language models (LLMs) to utilize domain specific knowledge sources, improving timeliness and reducing hallucinations. The vector indexes, central to RAG empowered applications, can be discovered, classified, and controlled in the same manner as other, traditional data sources.

With the Immuta GenAI solution, data teams can:

  • Control access to the storage layer with multi-layered policies for securing sensitive data when building RAG indexes.
  • Maintain a highly accurate and granular metadata inventory of RAG indexes with topic-based classification of row-level data and RAG indexes, which Immuta treats as additional data sources.
  • Control access to RAG-based applications, enforced at the data layer to give data platform teams control through natural language policy creation, prompt/query-time policy enforcement, multi-platform RAG support from Snowflake and Databricks, and domain-specific RAG policy.
  • Monitor and audit RAG index access with operational monitors that provide a continuous view into RAG operations, and a single view of AI application data access across all supported platforms.

AI application developers are looking to move as fast as possible, regardless of potential data risks. Any friction increases the likelihood of teams developing shadow AI applications that are outside of company control and visibility. Using these new capabilities from Immuta as the single source of policy management and activity monitoring, customers like have centralized policy management and enforced policies consistently across all data sources – reducing friction with no manual effort required.

Learn more about Immuta and its solutions for securing data for GenAI here.

About Immuta

Immuta unifies data security and governance across complex data ecosystems, continuously monitoring and de-risking sensitive data – all at enterprise scale. Since 2015, Immuta has provided Fortune 500 companies and government agencies around the world with a single platform to govern, control, and audit enterprise data for use in BI and analytics, data marketplaces, AI, and whatever comes next. To see how Immuta de-risks data and speeds discovery, collaboration, and innovation, visit


Tucker Hallowell, [email protected]