Namespace everything

Vector DB namespaces per tenant. Redis keys prefixed. DB schemas or partition. Never queries without tenant filter.

Advertisement

Prompt isolation

System prompt includes tenant ID. Model instructed to check. Not reliable alone. Combine with retrieval-side filter.

Advertisement

Memory partitioning

Agent memory strictly per tenant. Never shared. Test with cross-tenant probes.

Fine-tuning isolation

Per-tenant adapters (LoRA) or fully separate models. Depends on data sensitivity.