Private, Group, Public — A Three-Layer Knowledge Hierarchy for Safe Agents

AICLUDE Team

"What Can the Agent See?" Is the Real Security Question

Most conversations about AI safety focus on the model. The more consequential question inside an organization is actually about scope: what documents, what fields, what memory is the agent allowed to read when it answers someone's question?

Get that wrong, and an external chatbot ends up surfacing internal pricing. Get that right, and the same underlying platform safely powers customer support, team collaboration, and a private assistant for a single engineer.

The simplest, most durable model is a three-layer hierarchy.


The Three Layers

Think of three nested domes.

  1. Private (innermost). Data that belongs to one person. Personal notes, drafts, private chats, individual OKRs.
  2. Group (middle). Data that belongs to a team, department, or workspace. Internal wikis, team runbooks, shared customer notes.
  3. Public (outermost). Data that is safe to present to anyone outside the organization. Product pages, help articles, published policies.

An agent is deployed at one of these layers. An agent at the Public layer cannot read anything in Group or Private — not because of a config file that could be changed, but because the paths into those layers do not exist for it.


Why Three, Not Ten

You could invent a dozen tiers, and some large organizations do. In practice, three covers the meaningful cases:

  • The customer-facing chatbot is Public.
  • The team copilot is Group.
  • The individual assistant is Private.

More layers are usually organizational politics dressed as security. If you need them, add them; if you do not, do not. The three-dome model is the minimum that avoids real leaks.


What Changes With a Clear Hierarchy

  • Deployments become safe. Launching a new customer-facing agent does not risk leaking interior knowledge, because it is wired to the outer dome.
  • Promotions are explicit. Moving a document from Private to Group or from Group to Public is a deliberate action, not a side effect of indexing.
  • Audits get easy. When asked "could an outside user have seen this?" the answer is structural: only if this doc was explicitly in Public at that time.
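
The scoping rule from the previous section (an agent deployed at one layer has no path into the inner layers) together with the explicit promotions and structural audit listed above, as an added example that is not code from the original post or from the AICLUDE platform. It models a retriever that is handed only the documents its layer permits when the agent is deployed, an append-only promotion log, and an audit query answered from that log. The layer names are the post's; the class and function names, sample documents and timestamps are constructed for illustration, and the rule that an inner-layer agent reads its own layer and everything outward (but only Private and Group documents owned by one of its principals) is an assumption the post does not spell out.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, List, Optional, Set, Tuple

class Layer(IntEnum):
    PRIVATE = 0  # innermost
    GROUP = 1
    PUBLIC = 2   # outermost; documents only ever move outward

@dataclass(frozen=True)
class Document:
    doc_id: str
    text: str
    layer: Layer
    owner: str  # user id for PRIVATE, team id for GROUP, "*" for PUBLIC

class ScopedRetriever:
    """What an agent is handed at deployment: only the documents it may see, and no
    reference back to the store, so no path into the inner layers exists for it."""

    def __init__(self, docs: List[Document]) -> None:
        self._docs = tuple(docs)

    def search(self, query: str) -> List[str]:
        q = query.lower()  # keyword match standing in for a vector search
        return [d.doc_id for d in self._docs if q in d.text.lower()]

class KnowledgeStore:
    """Owns every document and the history of which layer each has lived in."""

    def __init__(self) -> None:
        self._docs: Dict[str, Document] = {}
        self._history: Dict[str, List[Tuple[int, Layer]]] = {}  # doc_id -> [(ts, layer)]
        # Append-only log of explicit promotions: (ts, doc_id, from_layer, to_layer, actor)
        self.promotion_log: List[Tuple[int, str, Layer, Layer, str]] = []

    def add(self, doc: Document, at: int) -> None:
        self._docs[doc.doc_id] = doc
        self._history[doc.doc_id] = [(at, doc.layer)]

    def promote(self, doc_id: str, to_layer: Layer, actor: str, at: int) -> None:
        """The only way a document changes layer; indexing never does it as a side effect."""
        doc = self._docs[doc_id]
        if to_layer <= doc.layer:
            raise ValueError(f"{doc_id}: {doc.layer.name} -> {to_layer.name} is not outward")
        owner = "*" if to_layer is Layer.PUBLIC else doc.owner
        self._docs[doc_id] = Document(doc.doc_id, doc.text, to_layer, owner)
        self._history[doc_id].append((at, to_layer))
        self.promotion_log.append((at, doc_id, doc.layer, to_layer, actor))

    def layer_at(self, doc_id: str, at: int) -> Optional[Layer]:
        """Layer the document was in at time `at`; None if it did not exist yet."""
        current = None
        for ts, layer in self._history.get(doc_id, []):
            if ts <= at:
                current = layer
        return current

    def could_outsider_see(self, doc_id: str, at: int) -> bool:
        """The audit question from the post: only if the doc was Public at that time."""
        return self.layer_at(doc_id, at) is Layer.PUBLIC

    def retriever_for(self, layer: Layer, principals: Set[str]) -> ScopedRetriever:
        """Build an agent's view at deployment. Assumed rule (not in the post): read own
        layer and outward, Private/Group docs only where owner is one of the principals."""
        visible = [d for d in self._docs.values()
                   if d.layer >= layer and (d.layer is Layer.PUBLIC or d.owner in principals)]
        return ScopedRetriever(visible)

def build_demo_store() -> KnowledgeStore:
    """Constructed sample corpus, one document per layer."""
    store = KnowledgeStore()
    store.add(Document("alice-notes", "draft pricing notes for Q3", Layer.PRIVATE, "alice"), at=100)
    store.add(Document("runbook-42", "pricing override runbook", Layer.GROUP, "team-support"), at=100)
    store.add(Document("help-pricing", "public pricing page: plans", Layer.PUBLIC, "*"), at=100)
    return store

def run_scenario() -> Dict[str, object]:
    """Deploy one agent per layer, publish the runbook explicitly, then audit."""
    store = build_demo_store()
    r: Dict[str, object] = {}
    r["public_before"] = store.retriever_for(Layer.PUBLIC, set()).search("pricing")
    r["group_before"] = store.retriever_for(Layer.GROUP, {"team-support"}).search("pricing")
    r["private_before"] = store.retriever_for(Layer.PRIVATE, {"alice", "team-support"}).search("pricing")
    r["outsider_at_150"] = store.could_outsider_see("runbook-42", 150)
    store.promote("runbook-42", Layer.PUBLIC, actor="alice", at=200)  # deliberate, logged
    r["public_after"] = store.retriever_for(Layer.PUBLIC, set()).search("pricing")  # redeployed view
    r["outsider_at_250"] = store.could_outsider_see("runbook-42", 250)
    try:  # moving inward is refused: the domes only open outward
        store.promote("help-pricing", Layer.GROUP, actor="alice", at=300)
        r["inward_rejected"] = False
    except ValueError:
        r["inward_rejected"] = True
    r["promotions"] = len(store.promotion_log)
    return r
```

Calling run_scenario() shows the public bot finding only the help page before the promotion and the runbook as well after it is redeployed, while the audit query still answers "no" for any time before the promotion. The design point is that ScopedRetriever never receives a reference to the store: the public bot cannot reach Group or Private documents because nothing in its object graph leads there, not because a runtime check said no, and the promotion log is the only record that needs consulting when someone asks what an outsider could have seen.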

The Human Side

Engineers do not love adding layers. Business users do not love being told "you can't paste that here." But without a tiered scope, the answer to "could this leak?" is always "maybe, let me check," and that "maybe" is what kills AI adoption in regulated environments.

A clean three-layer scope turns "maybe" into "no, by construction." That confidence is what lets an organization let the agents actually reach real data, instead of demoing on sanitized fixtures.
