Authorization Company Targets AI Security Risks with New Infrastructure Tools
- By John K. Waters
- 06/29/2025
Authorization infrastructure company AuthZed has launched specialized tools to help organizations control how artificial intelligence systems access and handle sensitive data, addressing growing security concerns as AI adoption accelerates in enterprise environments.
The company announced official support for Retrieval-Augmented Generation (RAG) and Agentic AI systems, which are increasingly used by organizations to build AI applications that interact with proprietary databases and act on behalf of users across different systems.
RAG is a technique that enhances the performance of Large Language Models (LLMs) by combining them with external knowledge sources. Instead of relying solely on the LLM's pre-trained knowledge, RAG enables the model to retrieve relevant information from a specified knowledge base and incorporate it into its response, leading to more accurate, informative, and contextually relevant answers.
AuthZed's new offering uses its open-source permissions system, SpiceDB, which is based on Google's internal authorization framework called Zanzibar. The system is designed to handle large-scale permission management, processing millions of authorization checks per second across complex enterprise environments.
Security Risks Drive Demand
The expansion comes as organizations face mounting challenges in controlling AI system access to sensitive information. The Open Web Application Security Project (OWASP) identified inadequate authorization controls as a top risk in its 2025 ranking of threats to large language model applications.
Traditional authorization systems were not designed to handle the complexity of AI applications, which can retrieve information across multiple databases, act autonomously on behalf of users, and process data from various sources simultaneously.
Jake Moshenko, CEO of AuthZed, said customer demand drove the company's focus on AI authorization challenges. The company's existing client base includes Workday, National Bank of Canada, and other enterprises that handle sensitive financial and personal data.
Industry analyst Janakiram MSV of Janakiram & Associates said AI systems require robust governance infrastructure to gain enterprise trust, particularly as they handle increasing amounts of proprietary information.
RAG System Controls
For RAG systems, which enhance AI responses by retrieving information from external databases, AuthZed's tools allow organizations to filter documents before they are processed and exclude unauthorized content from search results.
The system can synchronize permissions in real time from enterprise platforms including Google Workspace and SharePoint, ensuring that AI applications respect existing access controls when retrieving information.
This approach aims to prevent data leaks while maintaining system performance, a balance that has proven challenging for organizations implementing AI systems that access multiple data sources with different permission requirements.
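The two filtering points described above, shown as an added example that is not AuthZed's code and does not use the SpiceDB API: a toy in-memory store of Zanzibar-style relationship tuples drives a pre-filter and a post-filter around a stand-in retriever. All names, tuples and documents are constructed for illustration.

```python
# Constructed tuples (resource, relation, subject); "group:x#member" = members of group:x.
TUPLES = {
    ("doc:handbook", "viewer", "group:staff#member"),
    ("doc:payroll", "viewer", "group:finance#member"),
    ("doc:roadmap", "viewer", "user:alice"),
    ("group:staff", "member", "user:alice"),
    ("group:staff", "member", "user:bob"),
    ("group:finance", "member", "user:bob"),
}
# Constructed corpus; a real deployment would query a vector index instead.
CORPUS = {
    "doc:handbook": "vacation policy and salary review calendar",
    "doc:payroll": "salary bands and payroll run dates",
    "doc:roadmap": "product roadmap and launch dates",
}

def check(resource, relation, user, seen=None):
    """True if user holds relation on resource, directly or through a group."""
    seen = set() if seen is None else seen
    if (resource, relation) in seen:   # already explored: stops cyclic nesting
        return False
    seen.add((resource, relation))
    for subject in [s for r, l, s in TUPLES if (r, l) == (resource, relation)]:
        if subject == user:
            return True
        if "#" in subject:             # userset: recurse into group membership
            group, group_rel = subject.split("#", 1)
            if check(group, group_rel, user, seen):
                return True
    return False

def search(query, candidates):
    """Stand-in retriever: rank candidates by words shared with the query."""
    words = set(query.lower().split())
    scored = [(len(words & set(CORPUS[d].split())), d) for d in candidates]
    return [d for score, d in sorted(scored, reverse=True) if score > 0]

def retrieve_prefiltered(user, query):
    """Pre-filter: only documents the user may view are ever searched."""
    return search(query, [d for d in CORPUS if check(d, "viewer", user)])

def retrieve_postfiltered(user, query):
    """Post-filter: search everything, then drop hits that fail the check."""
    return [d for d in search(query, CORPUS) if check(d, "viewer", user)]

def build_context(user, query):
    """Text handed to the LLM prompt; unauthorized documents never reach it."""
    return [CORPUS[d] for d in retrieve_prefiltered(user, query)]
```

Both paths return the same documents here; with a top-k retriever the post-filter can return fewer than k results, because unauthorized hits occupy ranking slots before they are dropped.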
Agent Oversight Framework
For autonomous AI agents, AuthZed provides what it calls an "Agentic AI Authorization Model" that defines and enforces limitations on agent actions based on the permissions of users they represent.
The framework includes functionality controls that restrict which tools or APIs an agent can access, permissions management that inherits user-level access rights, and oversight mechanisms that require approvals for sensitive actions while maintaining audit logs.
These controls address concerns about AI agents performing unauthorized actions or accessing information beyond their intended scope, risks that have grown as organizations deploy more autonomous AI systems.
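A sketch of how the three controls named above can compose into one gate in front of every tool call, as an added example that is not AuthZed's implementation: a tool allow-list per agent, a check against the represented user's rights, and human approval for sensitive tools, with every decision logged. The policy data is constructed, and binding each approval to one exact request and consuming it on use is an assumption of this example, not something the article describes.

```python
import hashlib
import json

# Constructed policy data for illustration.
AGENT_TOOLS = {"agent:helpdesk": {"read_ticket", "refund_order"}}  # tool allow-list
USER_PERMS = {
    "user:alice": {"read_ticket", "refund_order", "delete_account"},
    "user:bob": {"read_ticket"},
}
NEEDS_APPROVAL = {"refund_order"}   # sensitive tools that need human sign-off
APPROVALS = set()                   # fingerprints of approved, unused requests
AUDIT_LOG = []                      # append-only record of every decision

def fingerprint(agent, user, tool, args):
    """Bind an approval to one exact request so it cannot cover another."""
    blob = json.dumps([agent, user, tool, args], sort_keys=True).encode()
    return hashlib.sha256(blob).hexdigest()

def approve(approver, agent, user, tool, args):
    """Record a human approval for exactly this agent, user, tool and arguments."""
    APPROVALS.add(fingerprint(agent, user, tool, args))
    AUDIT_LOG.append({"event": "approval", "by": approver, "tool": tool, "args": args})

def authorize(agent, user, tool, args):
    """Return 'allow', 'deny' or 'pending_approval'; log the decision either way."""
    if tool not in AGENT_TOOLS.get(agent, set()):
        decision, reason = "deny", "tool outside agent allow-list"
    elif tool not in USER_PERMS.get(user, set()):
        decision, reason = "deny", "represented user lacks this permission"
    elif tool not in NEEDS_APPROVAL:
        decision, reason = "allow", "within agent and user rights"
    elif fingerprint(agent, user, tool, args) in APPROVALS:
        APPROVALS.discard(fingerprint(agent, user, tool, args))  # single use
        decision, reason = "allow", "human approval consumed"
    else:
        decision, reason = "pending_approval", "awaiting human approval"
    AUDIT_LOG.append({"event": "decision", "agent": agent, "user": user,
                      "tool": tool, "args": args, "decision": decision, "reason": reason})
    return decision
```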
Market Response
The authorization infrastructure market has grown alongside AI adoption, as organizations seek to balance AI capabilities with security requirements. Companies are particularly focused on preventing AI systems from inadvertently exposing sensitive data or performing actions beyond intended parameters.
AuthZed's SpiceDB system can scale to trillions of access control lists, positioning it to handle the complex permission requirements of large-scale AI deployments across enterprise environments.
The company's approach reflects broader industry efforts to adapt traditional security frameworks for AI applications, which often require real-time permission checks across multiple systems and data sources.
Organizations implementing AI systems face increasing regulatory scrutiny over data handling practices, making authorization controls a critical component of AI deployment strategies.
About the Author
John K. Waters is the editor in chief of a number of Converge360.com sites, with a focus on high-end development, AI and future tech. He's been writing about cutting-edge technologies and culture of Silicon Valley for more than two decades, and he's written more than a dozen books. He also co-scripted the documentary film Silicon Valley: A 100 Year Renaissance, which aired on PBS. He can be reached at [email protected].