We’ve recently seen the rise of Retrieval Augmented Generation (RAG) systems. With the proliferation of AI Agents & LLMs in Enterprise, the next step in the evolution is Agentic RAG. But this introduces a subtle but critical problem: authorization is no longer a single check, but a chain of decisions across tools, memory, and retrieval layers and this breaks more often than you expect.

This talk is a deep dive into how modern authorization systems can ensure that AI Applications have access only to authorized data. The talk will look at why the Google Zanzibar model of authorization which uses Relationship-Based Access Control (ReBAC) is well suited to handle dynamic, relationship-driven authorization at scale. The talk explains how the Google Zanzibar system works under the hood, and how to apply it to Agentic RAG with techniques such as pre-filteration and post-filteration. Learning these fundamentals might just prevent broken access control issues in your application.

The talk will also include a live coding demo implementing authorization for Agentic RAG using Open Source tools such as Weaviate, Langchain, and SpiceDB.