Encryption Hub · Encrypted RAG
Encrypt the knowledge, obfuscate the vectors
Retrieval-augmented generation turns your proprietary knowledge into the agent's. NuDay encrypts that knowledge before it is embedded and obfuscates the vectors themselves, so your RAG store is not a plaintext honeypot.
Vector databases like pgvector and Pinecone are frequently left exposed, a honeypot for source code, enterprise data, and PHI.
The agent retrieves what it needs; an attacker who reaches the store finds nothing readable.
What we protect
Two layers of protection
RAG leaks in two ways: the underlying data, and the vectors that index it. NuDay protects both.
Encrypt the RAG data
The risk
Vector databases are frequently left exposed, acting as a honeypot for unstructured enterprise data, source code, and PHI.
The NuDay standard
NuDay encrypts proprietary data before the embedding model chunks and stores it. Retrieval and decryption happen automatically in real time, governed by the agent's access keys.
Obfuscate the vectors
The risk
Even without the source text, raw embedding vectors can be inverted to reconstruct sensitive content. Plaintext vectors are a leak in their own right.
The NuDay standard
NuDay obfuscates the vectors themselves, so the index stays useful for similarity search while an attacker who reaches it cannot invert the embeddings back into your data.
How it works
Encryption that layers onto your retrieval stack
Without giving up search quality.
Encrypt before embedding
Source documents are encrypted before they are chunked and embedded, so plaintext never lands in the ingestion pipeline or the vector store.
Obfuscate the index
The embedding vectors are transformed so similarity search still ranks results correctly, while the raw vectors can no longer be inverted back into the content they came from.
Decrypt only on retrieval, under keys
When the agent pulls a chunk, it is decrypted just in time under the agent's access keys and used to answer, then discarded. Nothing is left decrypted at rest.
Works with your vector store
NuDay layers over standard vector databases such as pgvector and Pinecone rather than replacing them, so you keep your retrieval stack and add encryption and vector obfuscation on top.
The evidence
Your knowledge base stops being a target
When the RAG store is encrypted and the vectors obfuscated, the thing attackers usually reach for is worthless to them, and your reviewers have a clear answer for where proprietary knowledge lives.
Encrypt before embedding
Data is protected before it ever reaches the embedding model or the vector store.
Retrieval under keys
Decryption is automatic and governed by the agent's access keys, never a standing plaintext copy.
Obfuscated index
Similarity search still works; embedding inversion does not.
Under the hood
Backed by one cryptographic engine
RAG is protected by the same per-record pipeline that secures agent memory and shared memory: checksum, signature, authenticated encryption under a per-record key, and an independent MAC. Native, zero-config, and near-zero overhead.
See how the encryption worksSee it in your stack
See encrypted RAG in your stack.
Bring your pilot and your reviewers. We will show how your knowledge base is encrypted, how the vectors are obfuscated, and the evidence your teams receive.