How to Prevent AI Agents from Accessing Unauthorized Data - Sohan Maheshwar

"As AI systems move into production, data security and access control become critical. In the era of AI agents, enterprises must move beyond experimentation to Day 2 operations, where guardrails, compliance, and fine-grained authorization define success. This session explores how to design permission systems that ensure AI agents access only authorized data while maintaining efficient and accurate responses. The talk introduces Relationship-Based Access Control (ReBAC), popularised by Google’s Zanzibar model, as a scalable approach for fine-grained authorization in AI-driven environments. It also includes a live demonstration of implementing secure access control for AI agents and RAG pipelines using Pinecone, LangChain, OpenAI, and SpiceDB, showing how these components work together in practice. What You Will Learn •How to design fine-grained authorization systems for AI agents and RAG pipelines •Why the Zanzibar-inspired ReBAC model is effective for scalable AI authorization •How to implement secure access control using Pinecone, LangChain, OpenAI, and SpiceDB More on-demand engineering talks: https://saltmarch.com/on-demand GAINS 2026 | 09th–10th December | Bengaluru India’s first engineering conference for the AI-native software era https://ainativesummit.com GIDS 2027 | 20th Edition | 27th–30th April | Bengaluru https://developersummit.com"