Skip to content

RAG - AI assistants with company context

Retrieval-Augmented Generation built on the organisation’s knowledge base - SharePoint, Confluence, ERP, CRM, document repositories. GDPR data classification, source-aware access control, audit trail.

What your organisation gains

Reduced risk of hallucination

The model answers based on retrieved documents rather than from memory alone. Every answer carries a source reference.

Access control aligned with data sources

The assistant only sees documents that a specific user is authorised to access. This limits the risk of leaking data subject to classification.

Up-to-date knowledge without retraining the model

A new document added to the knowledge base is available immediately, without costly model fine-tuning.

Audit trail and compliance

Every answer is logged together with the context used: who asked and which sources were used. This matters from the perspective of the AI Act and GDPR.

What we deliver on this project

RAG architecture - design and implementation

Vector database (pgvector, Qdrant, Weaviate), embedding model, retrieval strategy, reranking, prompt engineering.

Integration with sources

SharePoint, Confluence, Notion, Google Drive, SAP, Salesforce, custom repositories. Incremental synchronisation, freshness monitoring.

GDPR data classification

Identification of personal data, sensitivity classification, access policies, masking for restricted-access data.

Source-aware access control

Integration with Entra ID, AD, SAP IDM - the assistant inherits the user’s permissions. No risk of access-level escalation.

Quality monitoring

Measuring answer quality - relevance, faithfulness, citation accuracy. Ongoing tuning of prompts and retrieval strategy.

AI Security review

Testing for prompt injection via context, indirect injection via documents, EchoLeak, ShareLeak. OWASP LLM Top 10.

How we deliver projects in this area

We start with a data audit: which documents should be available to the assistant, in what formats they exist, how they are classified, and what access policies apply within the organisation. On this basis we design the RAG architecture and the scope of the first rollout.

We implement the first use case for one department, typically within a 6-10 week horizon. We check answer quality, correctness of source citation, functioning of access control, and data-security risks.

After the pilot we scale the solution to further sources and user groups. We work as standard with Claude or Azure OpenAI, and for critical data we recommend local LLMs.

Technology stack

Anthropic ClaudeOpenAI / Azure OpenAILlama 3.3MistralLangChainLlamaIndexpgvectorQdrantWeaviateAzure AI SearchSnowflake CortexSharePointConfluenceMicrosoft Graph APIEntra ID

The team’s experience in AI, data integration and enterprise systems confirms SNOK’s readiness to implement RAG solutions.

Where we have delivered similar solutions

Law firm

RAG over 50,000 documents - a legal assistant citing clauses

FMCG manufacturer

RAG over commercial contracts - assistant for the sales department, integrated with SAP

Technology company

RAG over technical documentation - assistant for L1/L2 customer support

FAQ - RAG - assistants with context

How does RAG differ from fine-tuning a model? +

RAG adds knowledge dynamically through retrieval - updates are immediate, and an audit trail is available. Fine-tuning "teaches" the model knowledge - more expensive, slower to update, without citation. In most cases RAG is the better choice.

Does RAG eliminate hallucinations? +

It drastically reduces them - the model answers based on retrieved documents. But it can still misinterpret or miscite - which is why quality monitoring and citation grounding matter.

How do you protect against prompt injection via documents? +

Document sanitisation before indexing, separation of concerns in prompts, output validation, sandboxing for tools the agent can invoke. A full AI Security review.

Does RAG work with local LLMs? +

Yes - the RAG architecture is model-agnostic. We work with Claude, OpenAI, Gemini, and local LLMs (Llama, Mistral, Qwen) within the client’s infrastructure.

Get in touch