RAG Scenarios and Solutions
Cross-Agent Knowledge Leakage
TL;DR
Information from one agent's conversations or private knowledge base inadvertently appears in another agent's responses, violating data boundaries.
The Problem
Information from one agent's conversations or private knowledge base inadvertently appears in another agent's responses, violating data boundaries.
Symptoms
- ❌ Agent B references Agent A's conversation
- ❌ Private knowledge appears in wrong agent
- ❌ Cross-contamination between agents
- ❌ Shared memory causes leakage
- ❌ Cannot guarantee isolation
Real-World Example
Setup:
→ Sales Agent: Access to sales pipeline, deals, pricing
→ Support Agent: Access to help docs only
User asks Support Agent: "What discounts are available?"
Support Agent responds: "We recently offered AcmeCorp a 25% discount for enterprise plan (as discussed in sales pipeline)."
Problem:
→ Support Agent accessed Sales Agent's private data
→ Confidential pricing leaked
→ Data isolation failed
Deep Technical Analysis
Shared Infrastructure Risks
Single Vector DB:
All agents use the same vector DB:
→ Sales docs embedded
→ Support docs embedded
→ No isolation
Query from Support Agent:
→ Retrieves across all data
→ Including Sales docs
→ Leakage occurs
Conversation History Contamination:
Agent memory stores conversation:
→ Sales Agent conversation with user A
→ Support Agent conversation with same user A
If memory is shared:
→ Support Agent sees Sales history
→ Context bleeds across agents
Metadata Filtering Failures
Incomplete Tagging:
Some chunks are missing agent_id:
{
vector: [...],
metadata: {
document: "pricing.pdf",
# Missing: agent_id field
}
}
Retrieval query:
WHERE agent_id = 'support_agent'
→ Doesn't match untagged chunks
→ BUT: any query path that omits the filter still retrieves the untagged chunks
→ Leakage
Filter Bypass:
Application bug:
→ Forgot to add agent_id filter to query
→ Retrieves from all agents
→ Exposes cross-agent data
Defense in depth needed:
→ Multiple isolation layers
→ Not just metadata filtering
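The two failure modes above (a chunk ingested without agent_id, and a query that forgets the filter) are easy to reproduce against a shared index. The following is an added example, not code from the original page or any particular vector DB: SharedVectorStore is a constructed in-memory stand-in that scores by keyword overlap instead of embedding similarity so it runs offline, and the sample chunks are made up. IsolatedRetriever is the defence-in-depth layer: it tags every chunk itself on ingest, applies the agent_id filter unconditionally on every query, and re-checks the returned chunks.

```python
from dataclasses import dataclass, field


@dataclass
class Chunk:
    text: str
    metadata: dict = field(default_factory=dict)


class SharedVectorStore:
    """One index shared by every agent, as in the 'Single Vector DB' setup.
    Constructed stand-in: keyword overlap replaces vector similarity."""

    def __init__(self):
        self.chunks = []

    def add(self, text, metadata):
        self.chunks.append(Chunk(text, dict(metadata)))

    def search(self, query, where=None, k=3):
        """Top-k chunks by term overlap. `where` is OPTIONAL here, which is
        exactly the gap an application bug can fall through."""
        terms = set(query.lower().split())
        hits = []
        for c in self.chunks:
            if where and any(c.metadata.get(key) != val for key, val in where.items()):
                continue
            score = len(terms & set(c.text.lower().split()))
            if score:
                hits.append((score, c))
        hits.sort(key=lambda h: -h[0])  # stable sort: ties keep insertion order
        return [c for _, c in hits[:k]]


class IsolatedRetriever:
    """Wraps the shared store so agent_id is mandatory on ingest and on query."""

    def __init__(self, store):
        self.store = store

    def ingest(self, agent_id, text, metadata=None):
        if not agent_id:
            raise ValueError("refusing to ingest a chunk without agent_id")
        md = dict(metadata or {})
        md["agent_id"] = agent_id          # tagging happens here, not in callers
        self.store.add(text, md)

    def query(self, agent_id, query, k=3):
        if not agent_id:
            raise ValueError("agent_id is required for retrieval")
        # The filter is applied unconditionally; there is no unfiltered path.
        results = self.store.search(query, where={"agent_id": agent_id}, k=k)
        # Second layer: verify what came back before it reaches the prompt.
        for c in results:
            if c.metadata.get("agent_id") != agent_id:
                raise RuntimeError("isolation violated: foreign chunk returned")
        return results


def build_leaky_store():
    """Constructed sample data reproducing the page's scenario."""
    store = SharedVectorStore()
    store.add("AcmeCorp enterprise plan 25% discount approved",
              {"agent_id": "sales_agent", "document": "pipeline.md"})
    store.add("How to reset your password",
              {"agent_id": "support_agent", "document": "help.md"})
    store.add("Volume discount schedule for enterprise plan",
              {"document": "pricing.pdf"})   # missing agent_id
    return store


def leaky_support_query(store):
    """Bug: filter forgotten. Returns the Sales chunk AND the untagged chunk."""
    return [c.metadata.get("agent_id") for c in store.search("enterprise plan discount")]


def filtered_support_query(store):
    """Filter present: untagged chunk does not match, nothing from Sales leaks."""
    hits = store.search("enterprise plan discount", where={"agent_id": "support_agent"})
    return [c.metadata.get("agent_id") for c in hits]


def hardened_support_query():
    """Same question through IsolatedRetriever: only Support's own chunks."""
    r = IsolatedRetriever(SharedVectorStore())
    r.ingest("sales_agent", "AcmeCorp enterprise plan 25% discount approved",
             {"document": "pipeline.md"})
    r.ingest("support_agent", "How to reset your password", {"document": "help.md"})
    r.ingest("support_agent", "Our support plan includes no discount codes",
             {"document": "help.md"})
    return [c.metadata["agent_id"] for c in r.query("support_agent", "enterprise plan discount")]


def untagged_ingest_is_rejected():
    try:
        IsolatedRetriever(SharedVectorStore()).ingest("", "orphan chunk")
    except ValueError:
        return True
    return False
```

Note that filtered_support_query returns nothing for the untagged chunk: the filter hides it, but the chunk is still sitting in the index for any other code path to find. That is why IsolatedRetriever refuses the chunk at ingest time rather than relying on the filter alone.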
Session/User Context Confusion
User Switches Agents:
User conversation:
→ Minute 1: Talks to Sales Agent
→ Minute 2: Switches to Support Agent
If session carries over:
→ Support Agent sees Sales context in history
→ May reference it in response
→ Unintended leakage
Multi-Agent Workflows:
Agentic workflow:
1. Sales Agent gathers requirements
2. Hands off to Engineering Agent
3. Engineering Agent designs solution
Handoff must be controlled:
→ Only pass necessary context
→ Don't expose full Sales knowledge base
How to Solve
→ Use separate vector DB namespaces or indexes per agent
→ Enforce mandatory agent_id filtering at query time
→ Isolate conversation history by agent
→ Implement an access control validation layer
→ Audit cross-agent queries
→ Clear session context when switching agents
See Cross-Agent Isolation.
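The conversation-side measures (history isolated per agent, session context cleared on a switch, a controlled handoff, an audit trail for cross-agent reads) fit together as below. This is an added example and not the page's or any framework's code; ConversationStore, SessionManager, the HANDOFF_ALLOWLIST fields and the user messages are all constructed for illustration. Memory is keyed by (user_id, agent_id), so the Support Agent can never be handed the Sales Agent's turns, and every history read is logged with whether it was allowed.

```python
from collections import defaultdict


class ConversationStore:
    """Persistent memory keyed by (user_id, agent_id). A read by one agent of
    another agent's history is denied and recorded in the audit log."""

    def __init__(self):
        self._memory = defaultdict(list)
        self.audit_log = []

    def append(self, user_id, agent_id, role, text):
        self._memory[(user_id, agent_id)].append({"role": role, "text": text})

    def history(self, user_id, requesting_agent, target_agent=None):
        target = target_agent or requesting_agent
        allowed = target == requesting_agent        # access-control check
        self.audit_log.append({"user": user_id, "requester": requesting_agent,
                               "target": target, "allowed": allowed})
        if not allowed:
            raise PermissionError(f"{requesting_agent} may not read {target} history")
        return list(self._memory[(user_id, target)])


class SessionManager:
    """Tracks which agent the user is talking to. Switching agents starts a
    fresh working context instead of carrying the previous agent's turns."""

    def __init__(self, store):
        self.store = store
        self.active = {}     # user_id -> agent_id
        self.context = {}    # user_id -> turns carried into the prompt

    def talk_to(self, user_id, agent_id):
        if self.active.get(user_id) != agent_id:
            self.active[user_id] = agent_id
            self.context[user_id] = []   # session context cleared on switch
        return self.context[user_id]

    def say(self, user_id, text):
        agent_id = self.active[user_id]
        self.context[user_id].append(text)
        self.store.append(user_id, agent_id, "user", text)

    def prompt_context(self, user_id):
        """What the active agent sees: its own session turns plus its own
        memory for this user, never another agent's."""
        agent_id = self.active[user_id]
        memory = [m["text"] for m in self.store.history(user_id, agent_id)]
        return {"session": list(self.context[user_id]), "memory": memory}


# Constructed allow-list: the only fields Engineering needs from Sales.
HANDOFF_ALLOWLIST = {"requirements", "deadline"}


def handoff(payload, allowlist=HANDOFF_ALLOWLIST):
    """Pass only the necessary context; pricing and deal notes stay with Sales."""
    return {k: v for k, v in payload.items() if k in allowlist}


def support_context_after_switch():
    """Minute 1: Sales. Minute 2: Support. Support's prompt has no Sales turns."""
    sm = SessionManager(ConversationStore())
    sm.talk_to("user_a", "sales_agent")
    sm.say("user_a", "We gave AcmeCorp 25% off the enterprise plan")
    sm.talk_to("user_a", "support_agent")
    sm.say("user_a", "What discounts are available?")
    return sm.prompt_context("user_a")


def cross_agent_read_is_denied():
    """A direct attempt by Support to read Sales memory fails and is audited."""
    store = ConversationStore()
    store.append("user_a", "sales_agent", "user", "pricing discussion")
    try:
        store.history("user_a", "support_agent", target_agent="sales_agent")
    except PermissionError:
        return store.audit_log
    return []


def engineering_handoff():
    sales_payload = {"requirements": "SSO and audit export", "deadline": "Q3",
                     "discount": "25%", "deal_notes": "champion is the CFO"}
    return handoff(sales_payload)
```

The audit log records allowed reads as well as denied ones, which is what makes it useful for spotting an agent that suddenly starts asking for another agent's history.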
Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the ask query parameter:
GET /dev/rag-scenarios-and-solutions/privacy/tenant-leakage.md?ask=<question>
The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
Last updated January 26, 2026