v2.4.0

An attacker with query access to the vector database could systematically probe the embedding space to reconstruct or infer the contents of the knowledge base. Sequential queries that sweep the embedding space, or unusual query patterns that suggest automated probing, indicate a bulk extraction attempt.

Controls include rate limiting on vector search queries, anomaly detection on query patterns (particularly sequential queries that explore the embedding space systematically), and audit logging of all queries. The monitoring should track per-consumer query volumes and patterns, flagging consumers whose behaviour deviates from the established baseline.

Bulk extraction monitoring complements the model theft controls described above. Where the model itself is protected by rate limiting and network segmentation, the knowledge base requires its own parallel protections. The extraction monitoring configuration and alerting thresholds are documented in Module 9.
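An added sketch of the per-consumer monitoring described above (not part of the original documentation, and not the Module 9 configuration): it checks one audit-log window for query volume above baseline and for broad coverage of the embedding space, which catches a slow sweep that stays under the rate limit. The thresholds, the sign-bit bucketing, the consumer names and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from itertools import product

# Assumed thresholds for illustration only; real values belong in Module 9.
VOLUME_FACTOR = 3.0    # alert when window volume > baseline * factor
COVERAGE_LIMIT = 0.5   # alert when > 50% of coarse buckets are touched
SIGN_BITS = 4          # bucket = signs of the first 4 embedding components

def bucket(vec):
    """Coarse region of embedding space: sign pattern of the leading components."""
    return tuple(x >= 0 for x in vec[:SIGN_BITS])

def analyse_window(audit_log, baselines):
    """audit_log: (consumer_id, query_embedding) pairs from one time window.
    baselines: consumer_id -> expected query count per window.
    Returns {consumer_id: [reasons]} for consumers deviating from baseline."""
    counts, seen = defaultdict(int), defaultdict(set)
    for consumer, vec in audit_log:
        counts[consumer] += 1
        seen[consumer].add(bucket(vec))
    alerts = {}
    for consumer, n in counts.items():
        reasons = []
        # A consumer with no recorded baseline is treated as baseline 0.
        if n > baselines.get(consumer, 0) * VOLUME_FACTOR:
            reasons.append("volume")
        if len(seen[consumer]) / 2 ** SIGN_BITS > COVERAGE_LIMIT:
            reasons.append("coverage")
        if reasons:
            alerts[consumer] = reasons
    return alerts

def constructed_window():
    """Constructed sample data: three hypothetical consumers, 6-d embeddings."""
    log = []
    # app-search: 20 queries clustered on one topic (a single bucket).
    log += [("app-search", [0.6 + 0.01 * i, 0.5, -0.4, 0.3, 0.1, -0.2]) for i in range(20)]
    # svc-report: on-topic, but 40 queries against a baseline of 10.
    log += [("svc-report", [-0.3, 0.7, 0.2, -0.5, 0.0, 0.4]) for _ in range(40)]
    # batch-7: only 16 queries, but one in every bucket (a slow sweep).
    log += [("batch-7", list(s) + [0.0, 0.0]) for s in product((-0.5, 0.5), repeat=SIGN_BITS)]
    baselines = {"app-search": 25, "svc-report": 10, "batch-7": 20}
    return log, baselines

if __name__ == "__main__":
    print(analyse_window(*constructed_window()))
```

On the constructed window, `batch-7` is flagged for coverage alone even though its volume is below its baseline, which is the case a pure rate limit misses.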

Key outputs

  • Rate limiting on vector search queries
  • Anomaly detection on query patterns for extraction behaviour
  • Per-consumer query monitoring against established baselines
  • Module 9 AISDP documentation