Namespace everything
Vector DB namespaces per tenant. Redis keys prefixed. DB schemas or partition. Never queries without tenant filter.
Advertisement
Prompt isolation
System prompt includes tenant ID. Model instructed to check. Not reliable alone. Combine with retrieval-side filter.
Advertisement
Memory partitioning
Agent memory strictly per tenant. Never shared. Test with cross-tenant probes.
Fine-tuning isolation
Per-tenant adapters (LoRA) or fully separate models. Depends on data sensitivity.