Retrieval-Augmented Generation (RAG) is all the hype – and rightly so: context-aware answers, up-to-date data, intelligent applications. But what happens when RAG encounters truly sensitive data? And what if this data is processed in infrastructures that may be under the influence of an untrusted administration?

In this talk, we will explore the tension between technical innovation and the actual security situation. Based on Java, we will develop a secure RAG architecture – traceable, modular, and robust. We will discuss:

How to use vector databases securely (and where it becomes dangerous)

What role does AI hosting play (cloud? on-premises? hybrid?)

Why you should pay attention not only to the prompt in LLMs, but also to the protocol

And how to equip RAG with trust anchors in Java – technically and strategically

A talk for everyone who not only wants to make money with RAG, but also wants to sleep soundly.